Privacy and the digital economy are at odds

Livemint,  Tuesday, April 26, 2016

Allowing tech companies to continue innovating and creating this public good while protecting user rights will not be easy. And it will be complicated further by multiple factors: shifting perceptions of digital privacy with millions of users showing little concern about signing their data over as long as they get a good deal for it; sovereignty and security concerns about US government access to the data that has elevated data flows to the realm of diplomacy and brought about deals like the US-EU Privacy Shield agreement.

Working together in Europe makes us stronger

Stephen Orfei, The Hill,  Tuesday, April 26, 2016

As we have seen in recent years, trouble often looms when stakeholders get confused by non-standard approaches to payment security. The push-and-tug of competing standards, laws, regulations and variations between countries and regions can bog companies down with trying to figure out what to do without getting clobbered by a breach and its devastating fallout. With that challenge in mind, the PCI-ECPA strategic partnership hopes to simplify the path to greater data security by helping all stakeholders achieve their goals – including governments and regulatory agencies.

UK information commissioner weighs in on Privacy Shield

Warwick Ashford, Computer Weekly,  Monday, April 25, 2016

It would be “very sensible” if both the EU and the US answered the questions European data protection authorities are asking about the Privacy Shield pact, according to the UK information commissioner.

Commission sends Statement of Objections to Google on Android operating system and applications

European Commission - Press release,  Wednesday, April 20, 2016

The Commission's preliminary view is that Google has implemented a strategy on mobile devices to preserve and strengthen its dominance in general internet search. First, the practices mean that Google Search is pre-installed and set as the default, or exclusive, search service on most Android devices sold in Europe. Second, the practices appear to close off ways for rival search engines to access the market, via competing mobile browsers and operating systems. In addition, they also seem to harm consumers by stifling competition and restricting innovation in the wider mobile space. The Commission's concerns are outlined in a Statement of Objections addressed to Google and its parent company, Alphabet. Sending a Statement of Objections does not prejudge the outcome of the investigation.

With Privacy Shield up in the air, businesses need to know where their data is stored - but nearly half don't

Chloe Green, InfoSecurity Europe,  Wednesday, April 20, 2016

Businesses still need to be concerned about the origins of their hosting provider and where their data is located as backups can leak across cloud supply chains and regional jurisdictions don’t always have the necessary controls required to meet EU regulation.

U.S. reluctant to change data pact after EU watchdogs' concerns

Julia Fioretti, Reuters,  Wednesday, April 20, 2016

The United States does not want to change the substance of a data transfer pact agreed in February with the European Commission, a senior official said, after EU privacy watchdogs voiced concerns over elements of the deal. Stefan Selig, U.S. Undersecretary of Commerce for International Trade, said the United States would evaluate the EU regulators' opinion - published last week - very carefully, but would be wary of reopening the agreement.

Microsoft cites new EU personal data rules in support of email dispute

John Ribeiro, IDG News Service,  Tuesday, April 19, 2016

Microsoft has cited new European data protection rules in support of its claim that the U.S. government should use inter-governmental agreements rather than a warrant to force the technology company to provide emails stored in Ireland that are required for an investigation. The General Data Protection Regulation was adopted last week by the European Parliament with an aim to provide an unified data protection regime across member states. It was earlier adopted by the Council of the EU, and is to come into effect in a little over two years after its publication in the EU Official Journal. The legislation will replace the EU Data Protection Directive, which dates back to 1995.

Transatlantic Setback or Invitation to Dialogue?: EU Data Regulators’ Verdict on Privacy Shield

Peter Margulies, Lawfare,  Friday, April 15, 2016

EU data protection authorities, the Article 29 Working Party (WP), have issued a comprehensive analysis of the proposed EU-US data transfer agreement. The WP repeatedly praises the improvements made in Privacy Shield, and recognizes the panoply of protections provided under US law, including the review of government certifications by the Foreign Intelligence Surveillance Court (FISC). The WP’s careful analysis of US law represents a major evolution in the transatlantic dialogue about surveillance practices. Yet dialogue is not unconditional approval, and the WP’s analysis also reflects ongoing concerns.

Massive EU data protection overhaul finally approved

Glyn Moody, Ars Technica UK,  Friday, April 15, 2016

The European Parliament today voted in favour of major reforms to data protection in the EU, first put forward in January 2012 as a replacement for the current rules, which were drawn up in 1995. The new law is done and dusted and will come into action in April 2018. There are two components to the new law: the General Data Protection Regulation (GDPR), which is designed to give EU citizens better control of their personal data, and the Data Protection Directive, which covers how personal data is used by police in the EU.

EU privacy regulators: Commission ‘could do better’ on Privacy Shield

Peter Sayer, PC World,  Wednesday, April 13, 2016

The Privacy Shield trans-Atlantic data transfer arrangement is better than its predecessor, Safe Harbor, but still not good enough, European Union data protection authorities said Wednesday. They want the European Commission improve the deal it has negotiated with U.S. authorities to ensure that EU citizens' personal information receives privacy protection equivalent to that of EU law when it is exported to the U.S.