Group items tagged

EU-U.S. Privacy Shield Program Overview The EU-U.S. Privacy Shield Framework was designed by the U.S. Department of Commerce and European Commission to provide companies on both sides of the Atlantic with a mechanism to comply with EU data protection requirements when transferring personal data from the European Union to the United States in support of transatlantic commerce. On July 12, the European Commission deemed the Privacy Shield Framework adequate to enable data transfers under EU law (see the adequacy determination). The Privacy Shield program, which is administered by the International Trade Administration (ITA) within the U.S. Department of Commerce, enables U.S.-based organizations to join the Privacy Shield Framework in order to benefit from the adequacy determination. To join the Privacy Shield Framework, a U.S.-based organization will be required to self-certify to the Department of Commerce (via this website) and publicly commit to comply with the Framework’s requirements. While joining the Privacy Shield Framework is voluntary, once an eligible organization makes the public commitment to comply with the Framework’s requirements, the commitment will become enforceable under U.S. law. All organizations interested in joining the Privacy Shield Framework should review its requirements in their entirety. To assist in that effort, Commerce’s Privacy Shield Team has compiled resources and addressed frequently asked questions below. ResourcesKey New Requirements for Participating Organizations How to Join the Privacy ShieldPrivacy Policy FAQs Frequently Asked Questions

The United States on Friday criticized proposals to build a European communication network to avoid emails and other data passing through the United States, warning that such rules could breach international trade laws. In its annual review of telecommunications trade barriers, the office of the U.S. Trade Representative said impediments to cross-border data flows were a serious and growing concern.It was closely watching new laws in Turkey that led to the blocking of websites and restrictions on personal data, as well as calls in Europe for a local communications network following revelations last year about U.S. digital eavesdropping and surveillance."Recent proposals from countries within the European Union to create a Europe-only electronic network (dubbed a 'Schengen cloud' by advocates) or to create national-only electronic networks could potentially lead to effective exclusion or discrimination against foreign service suppliers that are directly offering network services, or dependent on them," the USTR said in the report.

Germany and France have been discussing ways to build a European network to keep data secure after the U.S. spying scandal. Even German Chancellor Angela Merkel's cell phone was reportedly monitored by American spies.The USTR said proposals by Germany's state-backed Deutsche Telekom to bypass the United States were "draconian" and likely aimed at giving European companies an advantage over their U.S. counterparts.Deutsche Telekom has suggested laws to stop data traveling within continental Europe being routed via Asia or the United States and scrapping the Safe Harbor agreement that allows U.S. companies with European-level privacy standards access to European data. (www.telekom.com/dataprotection)"Any mandatory intra-EU routing may raise questions with respect to compliance with the EU's trade obligations with respect to Internet-enabled services," the USTR said. "Accordingly, USTR will be carefully monitoring the development of any such proposals."

U.S. tech companies, the leaders in an e-commerce marketplace estimated to be worth up to $8 trillion a year, have urged the White House to undertake reforms to calm privacy concerns and fend off digital protectionism.

Vodafone, one of the world's largest mobile phone groups, has revealed the existence of secret wires that allow government agencies to listen to all conversations on its networks, saying they are widely used in some of the 29 countries in which it operates in Europe and beyond.The company has broken its silence on government surveillance in order to push back against the increasingly widespread use of phone and broadband networks to spy on citizens, and will publish its first Law Enforcement Disclosure Report on Friday. At 40,000 words, it is the most comprehensive survey yet of how governments monitor the conversations and whereabouts of their people.The company said wires had been connected directly to its network and those of other telecoms groups, allowing agencies to listen to or record live conversations and, in certain cases, track the whereabouts of a customer. Privacy campaigners said the revelations were a "nightmare scenario" that confirmed their worst fears on the extent of snooping.

Vodafone's group privacy officer, Stephen Deadman, said: "These pipes exist, the direct access model exists."We are making a call to end direct access as a means of government agencies obtaining people's communication data. Without an official warrant, there is no external visibility. If we receive a demand we can push back against the agency. The fact that a government has to issue a piece of paper is an important constraint on how powers are used."Vodafone is calling for all direct-access pipes to be disconnected, and for the laws that make them legal to be amended. It says governments should "discourage agencies and authorities from seeking direct access to an operator's communications infrastructure without a lawful mandate".

In America, Verizon and AT&T have published data, but only on their domestic operations. Deutsche Telekom in Germany and Telstra in Australia have also broken ground at home. Vodafone is the first to produce a global survey.

The EU has been known to make a lot of odd decisions when it comes to tech, such as forcing Microsoft's hand at including a "browser wheel" with its Windows OS, but this latest decision is one I think most people will agree with. One thing that's frustrating about different smartphones is the occasional requirement to use a different charger. More frustrating is actually losing one of these chargers, and being unable to charge your phone even though you might have 8 of another charger readily available.

While this decision would cut down on this happening, the focus is to cut down on waste. On Thursday, the EU's internal market and consumer protection committee voted on forcing smartphone vendors to adopt a standard charger, which common sense would imply means micro USB, given it's already featured on the majority of smartphones out there. The major exception is Apple, which deploys a Lightning connector with its latest iPhones. Apple already offers Lightning to micro USB cables, but again, those are only useful if you happen to own one, making a sudden loss of a charger all-the-more frustrating. While Lightning might offer some slight benefits, Apple implementing a micro USB connector instead would make situations like those a lot easier to deal with (I am sure a lot of us have multiple micro USB cables lying around). Even though this law was a success in the initial voting, the government group must still bring the proposal to the Council which will then lead to another vote being made in the Parliament. If it does end up passing, I have a gut feeling that Apple will modify only its European models to adhere to the law, while its worldwide models will remain with the Lightning connector. Or, Apple might be able to circumvent the law if it offers to include the micro USB cable in the box, essentially shipping the phone with that connector.

All existing data sharing agreements between Europe and the US should be revoked, and US web site providers should prominently inform European citizens that their data may be subject to government surveillance, according to the recommendations of a briefing report for the European Parliament. The report was produced in response to revelations about the US National Security Agency (NSA) snooping on internet traffic, and aims to highlight the subsequent effect on European Union (EU) citizens' rights.

The report warns that EU data protection authorities have failed to understand the “structural shift of data sovereignty implied by cloud computing”, and the associated risks to the rights of EU citizens. It suggests “a full industrial policy for development of an autonomous European cloud computing capacity” should be set up to reduce exposure of EU data to NSA surveillance that is undertaken by the use of US legislation that forces US-based cloud providers to provide access to data they hold.

To put pressure on the US government, the report recommends that US websites should ask EU citizens for their consent before gathering data that could be used by the NSA. “Prominent notices should be displayed by every US web site offering services in the EU to inform consent to collect data from EU citizens. The users should be made aware that the data may be subject to surveillance by the US government for any purpose which furthers US foreign policy,” it said. “A consent requirement will raise EU citizen awareness and favour growth of services solely within EU jurisdiction. This will thus have economic impact on US business and increase pressure on the US government to reach a settlement.”

The EU has slammed the US for its demand that Microsoft surrender overseas data – emails held on Irish servers – saying that the move could contravene international law. The US attempt to make Microsoft provide the emails prompted Viviane Reding, vice-president of the European Commission, to offer support to Microsoft and openly criticize the loss of personal information it could potentially involve. “The commission’s concern is that the extraterritorial application of foreign laws [and orders to companies based thereon] may be in breach of international law,” Reding wrote last week in a letter responding to questions from Dutch MEP Sophia in't Veld, reported the Financial Times on Monday. The move would “hurt the competitiveness of US cloud providers in general,” Microsoft said, adding that: “Microsoft and US technology companies have faced growing mistrust and concern about their ability to protect the privacy of personal information located outside the US.”

Reding added that the US “may impede the attainment of the protection of individuals guaranteed” under EU law. Her statement further echoes arguments laid out by Apple, Cisco, AT&T, and Verizon, which supported Microsoft against the US warrant. At the beginning of June, Microsoft compared the warrant to an authorization for federal agents ‘to break down the doors’ of its Dublin facility. Reding said the US should have leaned away from coercion and instead depended on mutual legal assistance treaties that facilitate law enforcement agency cooperation.

“Companies bound by EU data protection law who receive such a court order are caught in the middle of such situations where there is, as you say in your letter, a conflict of laws,” Reding wrote.

The world was a different place when, in October 2015, the Court of Justice of the European Union (CJEU) struck down the “Safe Harbour” data-sharing agreement that allowed the transfer of European citizens’ data to the US. The Court’s decision concluded that the indiscriminate nature of the surveillance programs carried out by U.S. intelligence agencies, exposed two years earlier by NSA-contractor-turned-whistleblower Edward Snowden, had made it impossible to ensure that the personal data of E.U. citizens would be adequately protected when shared with American companies. The ruling thus served to further solidify the long-standing conventional wisdom that Continental Europe is better at protecting privacy than America. However, Europe’s ability to continue to take this moral high ground is rapidly declining. In recent months, and in the wake of a series of terrorist attacks across Europe, Germany, France and the United Kingdom — Europe’s biggest superpowers — have passed laws granting their surveillance agencies virtually unfettered power to conduct bulk interception of communications across Europe and beyond, with limited to no effective oversight or procedural safeguards from abuse.