Chat Control Returns, KIDS Act & Meta's AI Photo Maker (07/09/2026)
- › The EU's Chat Control proposal survived a vote to shelve it, reviving mandatory scanning of private messages before encryption.
- › The House passed the KIDS Act, a package that would police what Americans browse and message, now headed to the Senate.
- › Meta's new AI image generator can produce pictures of users who have public profiles.
- › The European Commission declined to force platform interoperability, keeping EU users locked in walled gardens.
- › RentGrow will pay $2.25 million to settle FTC charges it violated the Fair Credit Reporting Act on tenant screening.
The EU’s Chat Control is back from the dead after a vote to kill it fell short, which puts client-side scanning of private messages on the table again for every European. At home, the House passed the KIDS Act, a bundle that would police what Americans browse and message in the name of protecting them. Both share a tell: the people being surveilled never agreed to it, and the fear doing the selling is running louder than the evidence behind it.
Top 5 Critical Privacy Alerts
1. EU ‘Chat Control’ Survives a Kill Vote
The EU’s Chat Control proposal survived after a vote to shelve it fell short, reviving mandatory scanning of private messages before they are encrypted (The Register). Scanning every message on the device to catch a few treats 450 million people as suspects by default, and a scanner that reads your messages for one stated purpose is a capability that never stays limited to that purpose.
Operator Note: Client-side scanning is a backdoor with better branding. If it ships, treat any “private” channel to an EU user as readable by policy.
2. House Passes the KIDS Act
The House passed the KIDS Act, a package that folds a revised Kids Online Safety Act together with browsing and messaging controls, and it now heads to the Senate (EFF). Age verification means every adult hands over an ID to use the internet, and the record of who-browsed-what becomes a standing target and a standing tool the moment it exists.
Operator Note: “Protect the kids” laws tend to ship an adult surveillance dataset. Watch what the verification actually collects, not what the title promises.
3. Meta’s AI Image Generator Alarms Privacy Experts
Meta’s new AI image generator can produce pictures of users who have public profiles, and advocates are telling people to check their settings before someone else generates them (The Guardian). Those public photos were posted for other people to see, and quietly repurposing them as raw material for a synthetic-image engine is consent laundering.
Operator Note: Tell your executives and their families to lock down public profile photos now. A public headshot is training data and impersonation fuel.
4. EU Commission Keeps Users Behind Big Tech’s Gates
The European Commission declined to force interoperability between the major social platforms, leaving EU users locked inside walled gardens they cannot easily leave (EFF). When you cannot carry your social graph elsewhere, the platform holds your relationships hostage, and that lock-in is what lets it treat your data however it likes.
5. RentGrow Pays $2.25M Over Tenant-Screening Accuracy
RentGrow, a tenant-screening provider, will pay $2.25 million to settle FTC charges that it violated the Fair Credit Reporting Act (FCRA), including by failing to ensure the accuracy of the reports landlords used to judge applicants (FTC). A wrong line in a screening file follows a family for years, into an apartment denied by a number they never saw and could not correct.
Operator Note: If your business buys background or screening data on people, FCRA accuracy duties are being enforced with real dollars now. Audit your data sources.
Additional Privacy Alerts
Privacy Laws & Regulations
- FTC targets AI “accuracy suppression”: the agency issued a proposed policy statement on accuracy and output steering in AI systems, open for public comment through July 31. Inside Privacy
Data Minimization & User Consent
- OpenAI asks for your travel routes: a verified email shows ChatGPT inviting users to share travel plans and timing to train the model, which is a lot to hand over for convenience. PogoWasRight
- AI recruitment gets a hard look: Privacy International’s investigation digs into how “humanless” hiring software processes and profiles applicants. Privacy International
Privacy-Enhancing Technologies
- Google’s remote attestation gets worse: EFF says the new reCAPTCHA “Mobile Verification” scheme extends the walled garden and is as bad for users as the version it replaces. EFF
Regulatory Fines & Enforcement Actions
- Memorial Healthcare settles pixel case: the California provider agreed to settle class-action litigation over tracking pixels that leaked patient data to advertisers. PogoWasRight
The Axe Report is a daily briefing from Grab The Axe. Need help assessing your organization’s security posture? Take our free Human Attack Surface Score assessment.
A PhD candidate in Health Psychology and former Corrections Officer, Jeff founded GTA to dismantle passive security models. He focuses on the 'Human Zero-Day', mitigating executive burnout and decision fatigue before they become security breaches.
View Profile →Media Inquiries
For expert commentary, interview requests, or high-res assets regarding this announcement, initialize the terminal.