In parts of Europe, electricity prices are occasionally dropping below zero, meaning suppliers effectively pay consumers to use power, while at the same time demand from data centres is rising sharply, creating a growing tension in how energy systems are balanced.

Why Electricity Prices Can Turn Negative

Electricity markets operate in real time, which creates a structural challenge when large volumes of renewable energy are generated at once. For example, wind and solar cannot easily be switched off, so when generation exceeds demand and storage capacity is limited, prices can actually fall below zero to encourage consumption.

Germany, one of the most advanced renewable energy markets, recorded more than 500 hours of negative electricity pricing in 2025, showing how quickly renewable generation is scaling compared with the infrastructure needed to manage it.

The issue is not that energy is abundant in a practical sense, but that it is arriving at the wrong time. Large volumes of electricity may be generated during windy nights or sunny afternoons, while demand remains relatively stable, creating temporary imbalances that the system must resolve.

How Energy Systems Try To Absorb The Surplus

Negative electricity pricing is used by energy markets as a signal to increase consumption when supply exceeds demand, encouraging industrial users to ramp up production, storage systems to charge, and flexible consumers to take advantage of lower or even negative costs.

Despite these signals, the system’s ability to respond remains limited because battery storage capacity is still insufficient at grid scale and many industries cannot easily adjust operations in real time, which results in renewable energy being curtailed and effectively wasted.

This situation highlights a structural gap in the energy transition, where generating renewable electricity is only part of the challenge and matching that generation with demand at the right time is becoming equally critical.

Why Data Centres Are Driving Demand In The Opposite Direction

At the same time as surplus energy events are increasing, a separate trend is pushing electricity demand sharply higher. Data centres, particularly those supporting AI workloads, are consuming significantly more power than in previous years.

According to the International Energy Agency, global data centre electricity demand rose by around 17 percent in 2025 alone, far outpacing overall electricity demand growth of roughly 3 percent. These facilities require continuous, stable power and cannot easily adjust consumption to match fluctuating supply.

This creates a direct mismatch with renewable generation patterns. While wind and solar output varies throughout the day, data centres operate around the clock, placing constant demand on the grid regardless of when renewable energy is available.

The result is a system being pulled in two directions at once, with periods of oversupply becoming more frequent while baseline demand continues to rise.

Why This Matters For Sustainability

The combination of surplus renewable energy and rising data centre demand presents both a challenge and an opportunity. In theory, energy-intensive infrastructure could be aligned with periods of high renewable output, helping to absorb excess generation and reduce waste.

In practice, this is difficult to achieve. Data centres are designed for reliability rather than flexibility, and shifting workloads based on energy availability introduces technical and operational complexity.

Some operators are beginning to explore solutions, including shifting non-critical workloads to periods of high renewable output and investing in co-located energy generation or storage. However, these approaches remain limited in scale compared with the speed of demand growth.

What This Means For Energy Markets And Infrastructure

The growing frequency of negative pricing, combined with rising demand from digital infrastructure, is forcing a rethink of how energy systems are designed and managed.

Grid operators are focusing on improving flexibility through storage, demand response, and dynamic pricing, while also investing in transmission infrastructure to move surplus energy between regions more effectively.

At the same time, electricity is becoming a more dynamic resource, where timing and location increasingly determine cost rather than a single stable price.

For policymakers, this creates quite an awkward balancing act. Expanding renewable generation remains essential, but equal attention must be given to storage, grid resilience, and demand flexibility to ensure that energy can be used efficiently.

What Does This Mean For Your Organisation?

For businesses, these trends point to a more dynamic energy landscape where cost and availability are increasingly influenced by when and how electricity is used.

Organisations with energy-intensive operations may find opportunities to reduce costs by aligning consumption with lower-price periods, particularly as smart tariffs and automated energy management systems become more accessible.

At the same time, rising demand from data centres highlights the growing importance of efficiency and sustainability in digital infrastructure, with potential knock-on effects for cloud pricing and service design.

The broader takeaway here is that energy is becoming less predictable and more time-sensitive, and businesses that understand these dynamics will be better placed to manage both costs and sustainability commitments as the system continues to evolve.

ChatGPT’s new Images 2.0 tool makes it faster and easier to create, edit, and refine high-quality visuals, giving you more control, improved accuracy, and far more realistic results.

[Note – To Watch This Video without glitches/interruptions, It may be best to download it first]

Having the BCC field visible in Outlook helps you avoid exposing recipient email addresses and reduces the risk of sending messages incorrectly to large groups.

Why This Matters

When sending emails to multiple recipients, especially external contacts, it is easy to accidentally include everyone in the To or CC fields.

This can expose email addresses to others, create unnecessary reply chains and, in some cases, lead to data protection issues.

Using BCC (blind carbon copy) allows you to include recipients without revealing their details to others, helping maintain privacy and control.

Making the BCC field visible ensures it is always available when needed rather than relying on memory.

How To Turn On The BCC Field In Outlook (Desktop App)

1. Open a new email in Outlook.
2. Click the ‘Options’ tab.
3. Select ‘BCC’.

The BCC field will now appear in your email window.

How To Turn On The BCC Field In Outlook On The Web

1. Click ‘New mail’.
2. Select the ‘More options’ menu (three dots).
3. Choose ‘Show BCC’.

The BCC field will then be displayed when composing emails.

What To Watch For

• Use BCC when emailing groups who do not know each other.
• Avoid placing large external groups in the To or CC fields.
• Be mindful that replies may still go to all visible recipients depending on how the email is structured.

A Practical Approach

Make a habit of using BCC for group emails and external communications.

Keeping the BCC field visible helps you make better decisions when sending emails and reduces the risk of avoidable mistakes that can affect professionalism and data privacy.

Booking.com has reported a data breach involving customer reservation details, and the exposed data is already being used to carry out highly convincing “reservation hijack” scams.

What Happened At Booking.com?

Booking.com has confirmed that unauthorised third parties accessed customer reservation data, including names, email addresses, phone numbers, home addresses, and details of past and upcoming bookings.

The company says financial information was not taken from its systems, but it seems that the data that has been exposed is highly sensitive in a different way and could be giving criminals the exact context they need to convincingly impersonate legitimate hotel communications.

For example, customers have already reported receiving suspicious messages, and the platform has begun notifying affected users (by email) while updating reservation PINs as a containment measure. The overall scale of the breach has not yet been fully disclosed.

How The Booking.com Data Breach Appears To Have Happened

Early analysis seems to point to a familiar weak spot rather than a direct breach of Booking.com’s core systems.

Research highlighted by Microsoft suggests attackers targeted hotel partners using phishing techniques designed to trick staff into installing malware, with one method known as “ClickFix” disguising malicious downloads as routine system fixes, often delivered via fake CAPTCHA pages.

Once hotel systems are compromised, attackers can gain access to booking platforms and extract customer data at scale, which aligns with recent reporting about the incident from Malwarebytes, indicating the breach likely originated through third-party access rather than a single central failure.

This matters as it reflects a structural issue rather than a one-off vulnerability, highlighting how interconnected systems can introduce risk beyond the primary platform itself.

What Makes Reservation Hijacking So Effective?

Cybersecurity experts have labelled the resulting scams “reservation hijacking”. In a typical attack of this kind, criminals contact a customer posing as their hotel, referencing genuine booking details such as dates, property names, and contact information, and then claim there is an issue with the booking that requires payment verification or an urgent transfer.

This level of detail removes many of the usual warning signs associated with phishing, as the communication feels routine, relevant, and timed to coincide with an upcoming stay.

As a result, victims are far more likely to comply, especially when the request appears consistent with what they expect from a legitimate provider.

According to data from the UK’s Action Fraud, hundreds of Booking.com-related scams have already been reported in recent years, with significant financial losses, and the concern now is that this breach will increase both the scale and success rate of these attacks.

A Pattern In The Travel Sector

Sadly, this incident is not happening in isolation. For example, travel platforms operate within complex ecosystems involving hotels, franchises, agents, and third-party service providers, and each connection introduces another potential entry point for attackers.

Recent breaches affecting airlines, rail services, and car hire firms all seem to have followed a similar pattern, with attackers gaining access through partners rather than the primary platform itself.

UK consumer group Which? has previously raised concerns about weak verification processes and the misuse of messaging systems within booking platforms, highlighting how easily fraudulent listings and communications can appear legitimate.

The result is an environment where trust is high but control is fragmented, making it easier for attackers to exploit gaps between systems and organisations.

What Has Booking.com Said About The Incident?

Booking.com has said it identified “suspicious activity” affecting a number of reservations and acted quickly to contain the issue, including updating reservation PINs and contacting affected customers directly.

The company has confirmed that unauthorised third parties were able to access certain booking information, but maintains that financial details were not exposed through its systems.

It has also stressed that it will never ask customers to share credit card details by email, phone, WhatsApp or text, or request payments outside the terms set out in the original booking confirmation.

While Booking.com has not disclosed how many customers have been affected or which regions are involved, it has urged users to remain vigilant and report any suspicious messages or payment requests.

Why This Breach Matters More Than It Looks

At first glance, the absence of stolen payment data may seem reassuring, but in reality this type of breach can be just as damaging.

Modern fraud relies less on stealing card numbers and more on manipulating behaviour, and when attackers know where someone is staying, when they are travelling, and how to contact them, they can craft messages that feel entirely credible.

The speed of exploitation is also notable, with reports suggesting phishing attempts began emerging within days of the breach being identified, indicating a coordinated effort to turn stolen data into immediate financial gain.

This effectively moves the incident from a passive data exposure to an active fraud campaign.

What Does This Mean For Your Business?

For organisations that store customer data or rely on third-party platforms, the incident highlights how exposure now extends well beyond internal systems.

Weaknesses within partner organisations can quickly become shared risks, particularly where access to customer data and operational platforms is interconnected, making supply chain security just as important as internal controls.

For Booking.com, the breach adds to ongoing scrutiny around platform security and fraud prevention, especially given the long-running issues with scams linked to its ecosystem, and increases pressure to strengthen both partner controls and customer protections.

Across the wider travel sector, the incident reinforces a persistent challenge, as platforms depend on large, distributed networks of hotels and service providers, creating multiple entry points for attackers and making consistent security standards difficult to enforce at scale.

For customers, the immediate risk lies in highly targeted phishing attempts that feel genuine, with real booking details being used to create convincing scenarios, making it far harder to distinguish between legitimate communication and fraud.

This also highlights how data that appears relatively low risk in isolation can become far more valuable when combined, particularly when it enables attackers to construct believable, real-world narratives that bypass normal scepticism.

In response, there is a growing expectation that platforms will take a more active role in protecting users, whether through stronger partner authentication requirements, improved monitoring of messaging systems, or clearer safeguards around how and when payments should be made.

At the same time, customers are being urged to remain cautious, particularly when asked to make payments or share sensitive information, even if the request appears to come from a known provider or references a genuine booking.

The Booking.com breach demonstrates how quickly stolen data can be turned into targeted, real-world attacks when it is rich in context, reinforcing a broader point for businesses that security is no longer just about protecting systems, but about understanding how data could be used against the people who trust them with it.

France is planning to replace parts of its government use of Windows with Linux, signalling a wider shift across Europe to reduce reliance on US technology and regain control over critical digital infrastructure.

A Move From Windows To Linux-Based Alternatives

The French government has confirmed that it will begin moving some public sector systems away from Microsoft Windows in favour of Linux-based alternatives, starting with workstations within its digital agency, DINUM.

This is not an isolated technical decision but is part of a broader state-led strategy to reduce dependence on non-European technology providers across multiple areas, including operating systems, collaboration tools, cloud platforms, and data infrastructure.

In an official statement, the French government explained its position, saying: “The State can no longer simply acknowledge its dependence; it must break free… We can no longer accept that our data, our infrastructure, and our strategic decisions depend on solutions whose rules, pricing, evolution, and risks we do not control,” referring primarily to large non-European (US) technology providers.

This is what policymakers are increasingly referring to as “digital sovereignty”.

What Digital Sovereignty Really Means

At its core, digital sovereignty is about control. It essentially means having the ability to decide how systems are built, where data is stored, who has access to it, and how services can be used or withdrawn. It also means reducing exposure to external political, legal, and commercial pressures that sit outside national or regional control.

France’s approach reflects a growing belief that relying heavily on foreign-owned platforms, particularly those based in the United States, creates risks that go beyond cost or vendor lock-in.

As another French government statement put it, “Digital sovereignty is not optional, it is a strategic necessity.” In short, this highlights a situation where the issue is no longer just about which software works best, but about whether a country can actually rely on the systems it depends on.

Why US Tech Dependence Is Now Seen As A Risk

The concern is not simply that US companies dominate global technology markets, but that they operate under US law and political control, which can change quickly and have far-reaching consequences.

That risk has come into sharper focus under the current administration of Donald Trump, where foreign policy has become more unpredictable and, at times, openly confrontational, with sanctions and political pressure being used more aggressively against perceived opponents.

One example is the use of sanctions powers by the US government, where organisations or individuals can effectively lose access to digital services if companies are required to comply. In some recent cases, this has reportedly led to email accounts being shut down and access to financial and digital systems being restricted.

This is no longer viewed as a theoretical risk, and European policymakers and analysts increasingly point to real-world situations where access to email, cloud services, or financial systems has been disrupted due to geopolitical decisions.

From a European perspective, that creates a situation where critical infrastructure could be affected by actions taken outside its control, regardless of whether the technology itself is secure.

As Thierry Carrez of Linux Foundation Europe has noted in industry discussions, technical safeguards cannot fully protect against a scenario where a provider is legally required to withdraw service. That is the risk France and others are now trying to reduce.

A Wider European And UK Concern

France is not acting alone. Across the European Union, there is now a coordinated effort to identify and reduce reliance on foreign technology providers.

For example, the European Parliament has already directed the European Commission to assess areas of dependency, and several countries, including Germany and the Netherlands, are investing in open-source and sovereign alternatives.

Also, in the UK, similar concerns are being raised. A recent report from the Open Rights Group warned that “this over-reliance on foreign tech companies is now an urgent national security issue as well as an economic threat,” highlighting how deeply embedded US technology has become in public infrastructure.

The report also pointed to the broader implications of that dependence, noting that a small number of companies have been able to “gain control of the UK’s digital infrastructure, locking the government into wasteful contracts and shaping tech policy in their favour.”

This is not just about technology choices. It is about influence, control, and resilience.

What This All Means In Practice

Moving away from platforms like Windows is only one part of a much larger shift.

Governments are increasingly looking at alternatives to widely used tools such as Microsoft 365, Google Workspace, and US-based cloud services, often favouring open-source solutions or locally hosted platforms.

France, for example, has already begun replacing Microsoft Teams with a domestically developed video conferencing tool and is planning to migrate sensitive health data to a “trusted” platform under its own control.

That said, there is also a recognition that full independence is neither realistic nor necessary, and digital sovereignty is better understood as reducing reliance on any single provider or jurisdiction, rather than attempting to eliminate external technology altogether. That means diversification, interoperability, and greater visibility over where risks exist.

What Does This Mean For Your Business?

For businesses across the UK and Europe, this raises some important questions about reliance on major technology providers.

Many organisations are deeply integrated with platforms such as Microsoft, Google, and Amazon, often without fully considering the broader implications of that dependence.

The growing focus on digital sovereignty suggests that resilience is becoming just as important as functionality or cost, particularly where critical systems and sensitive data are involved.

It also highlights how legal and geopolitical factors can now directly affect access to technology, not just its availability or performance.

In practical terms, this does not mean businesses need to abandon existing platforms, but it does mean understanding where dependencies exist and how they could impact operations if circumstances change.

For technology providers, there is also increasing pressure to demonstrate transparency, data control, and regional independence, particularly as governments and large organisations reassess their long-term strategies.

France’s move away from Windows is unlikely to be the last of its kind, and it reflects a broader shift in thinking that is gathering pace.

The key takeaway here is that technology decisions are no longer purely technical. They are becoming strategic choices about control, resilience, and trust in an increasingly uncertain global environment.

Google is introducing a new spam policy targeting “back button hijacking”, a deceptive tactic that traps users on websites, with penalties that could see offending sites pushed down or removed from search results.

Spam Policy Change Under “Malicious Practices”

Google has confirmed that from 15 June 2026, back button hijacking will be treated as an explicit violation of its spam policies under “malicious practices”.

This means websites using the technique could face manual penalties or automated ranking drops in Google Search, significantly reducing their visibility and traffic.

The company says the move is in response to a growing number of sites using manipulative tactics that interfere with how users expect the web to work.

In its announcement, Google made the reasoning clear, stating that the behaviour “breaks the expected user journey” and leaves people feeling manipulated.

What Is Back Button Hijacking?

Back button hijacking is a relatively simple concept, but one that most users will have experienced at some point.

It happens when a website interferes with a browser’s back button so that clicking it does not take the user back to the previous page as expected. Instead, users may be redirected to another page, shown unwanted content, or kept within the same site.

In some cases, additional pages are silently inserted into the browser history, creating the illusion that the user has navigated normally when they have not.

The result is a browsing experience that feels confusing and, at times, deliberately obstructive.

This type of behaviour undermines one of the most basic assumptions of the web, that users are in control of their own navigation.

Why Is Google Acting Now?

Google has said it has seen a noticeable rise in this kind of behaviour, which has pushed it to act more explicitly.

While similar practices have long been discouraged, this is the first time back button hijacking has been clearly defined as a standalone violation within Google’s spam policies, signalling a more direct approach to enforcement.

This practice sits within a wider rise in so-called “dark patterns”, where design or technical tricks are used to nudge or trap users into actions they did not intend, with back button hijacking being a clear example that undermines the basic user experience and breaks the expectations people have of how the web should work.

How These Web Tactics Are Being Used

In many cases, back button hijacking is implemented through scripts that manipulate browser history or intercept navigation events.

For example, users might click a search result, land on a site, and then find that pressing “back” does not return them to the search results, but instead cycles through pages they never intended to visit. This can be used to keep users on a site longer, increase ad impressions, or funnel them through affiliate links.

It should be noted here, however, that it is not always deliberate. Google has acknowledged that some instances may come from third-party advertising networks, plugins, or embedded libraries that site owners are not fully aware of.

This means businesses could end up being penalised for behaviour they did not even realise was happening.

Back Button Hijacking – The Consequences And Penalties

Now Google has decided to act, the consequences of being caught using back button hijacking could be significant. Google has made it clear that sites engaging in the practice may face ranking demotions or, in more serious cases, removal from search results altogether.

For businesses that rely on organic search traffic, this could have a direct and very serious impact on visibility, enquiries, and revenue.

However, Google has also said that sites which fix the issue can request reconsideration, suggesting the focus is on correcting behaviour rather than issuing permanent penalties.

The key point here is that enforcement will be both automated and manual, meaning detection could come from algorithms as well as human review.

What Does This Mean For Your Business?

For businesses with a website, this change is less about a specific tactic and more about a broader change in expectations.

Google is basically making it clear that interfering with user control, even indirectly, is no longer acceptable, and that technical implementations need to align with how users expect the web to behave.

That puts greater responsibility on organisations to understand not just their own code, but also the behaviour of third-party tools, plugins, and advertising platforms integrated into their sites.

It also highlights how user experience is now directly tied to search performance, and practices that frustrate or mislead users are increasingly being treated in the same way as traditional spam.

For many organisations, this will mean taking a closer look at how their website behaves in real-world use, particularly around navigation, redirects, and history handling.

It also means that search engines are now moving beyond content quality alone and are placing more weight on whether a site behaves in a way that users trust.

Google’s move against back button hijacking is a relatively small technical change on the surface, but it reflects a much bigger direction of travel. It seems that the web is being pushed back towards a model where users remain more in control, and where attempts to manipulate that control come with some clear consequences.