Apple’s decision to withdraw its Advanced Data Protection (ADP) feature from the UK marks a significant moment in the ongoing debate about security and privacy. The move follows the UK government’s request for access to encrypted data under the Investigatory Powers Act (IPA). Rather than comply, Apple has opted to remove the service in the UK.
The BBC reports that ADP, an opt-in feature offering end-to-end encryption for iCloud storage, will no longer be available to UK users. Apple expressed deep disappointment with the decision, stating that it has never created a backdoor for its products and has no intention of doing so.
Jake Moore, Global Cybersecurity Advisor at ESET, warns, “Apple’s decision raises enormous concerns regarding user privacy and data security whilst marking a huge step backwards in the protection of privacy online. Creating a backdoor for ethical reasons means it will inevitably only be a matter of time before threat actors also find a way in. iCloud storage contains highly personal and sensitive data and remains backed up for protection and safety. To know this data could now be accessed breaks the trust between users and technology companies, effectively ripping a hole in the internet.”
For the security industry, the implications are profound. Encryption is fundamental to protecting sensitive data, whether in personal storage, enterprise networks, or critical infrastructure. If governments successfully pressure tech companies into weakening encryption, similar requests could follow for security platforms, including surveillance and access control systems.
From a regulatory standpoint, the UK’s approach contrasts with that of the US, where encryption remains largely protected. Some US politicians have even suggested reassessing intelligence-sharing agreements with the UK in response. If a major tech firm like Apple adjusts its security policies based on government pressure, businesses must reevaluate their reliance on cloud-based services and encryption protocols.
This is not just about Apple. It is about the broader impact on digital privacy and security standards. The security industry must ensure that government-led measures do not unintentionally compromise the integrity of the very systems designed to protect people and assets.
What are your views? Share it with us: [email protected]