EU: EU DPAs said to consider ways to restrict EU citizens’ data transfers to the US
The EU and the US have accelerated negotiations on a new EU-US data transfers framework, as the deadline of 31 January set by the EU data protection authorities (DPAs) approaches. However, Isabelle Falque-Pierrotin, President of the French data protection authority (CNIL) and Chairwoman of the Article 29 Working Party (WP) stated that DPAs do not expect a final agreement by the end of January but want to see a sign of political will to address the issues raised in the judgment which struck down the Safe Harbour Agreement.
The WP will meet on 2 February to decide to what extent companies should be allowed to continue transferring EU citizens’ data to the US following the annulation of the Safe Harbour. According to recent media reports, DPAs might be inclined to look into ways to restrict personal data transfers to the US.
At a preparatory meeting of the WP, which took place on 20 January, DPAs discussed a range of possible outcomes which included freezing of all new authorisations for US data transfers on the basis of binding corporate rules within multinationals or standard contractual clauses between companies. However, it was reported that not all DPAs were in favour of a restrictive approach.
EU: Diverging views on the January deadline for new Safe Harbour agreement
Paul Nemitz, Director for fundamental rights at the European Commission’s DG Justice, who is one of the negotiators on the new framework, stated that end of January is not a formal deadline. Touching upon some of the contentious issues, Nemitz stated that considering that an EU-US data transfers deal gives US companies the privilege to access the EU internal market, a special effort from the United States to address the demands raised by the EU negotiators is required.
Reacting to the US Senate decision to delay the vote on the Judicial Redress Act, which could have negative consequences on the conclusion of a new EU-US data transfers agreement, the European Parliament’s EPP groupurged the negotiators not to miss the-end-of-January deadline.
EU: Trade associations urge leaders to promptly establish a new framework for EU-US data transfers
In a joint letter sent to European Commission President Jean-Claude Juncker, European Council President Donald Tusk, US President Barack Obama and Heads of Governments of the EU Member States, a group of trade associations stressed the critical importance of concluding negotiations on a strengthened framework for transatlantic data transfers. The signatories warned that a failure to reach an agreement would negatively affect both the EU and US economies.
Calling on the leaders to promote a speedy establishment of a legally durable framework, DigitalEurope, BusinessEurope, Information Technology Industry Council and the US Chamber of Commerce also underlined the importance of providing a reasonable transition period.
France: Companies breaching data protection provisions will face higher fines
According to an amendment to the proposed French digital bill, CNIL would be able to impose much higher fines on companies breaching data protection rules. In case of a repeated breach of the rules, CNIL would be able to impose a fine of up to €20 million or 4% of the company’s turnover, compared with the current cap of €150,000.
The future bill should also establish a framework which would oblige online platforms to ensure portability of data. Axelle Lemaire, Secretary of state in charge of digital, stated that the proposed measure promotes a level playing field and enhances competition among platforms.
EU: Big data may attract the attention of the European Commission
Vestager’s comments highlight the increased focus that regulators give to the use of big data. The Commissioner said that the Commission would carefully differentiate between different types of data, considering that some become quickly obsolete.
EU: ENISA calls for enhanced private-public cooperation
In a newly released study on critical information infrastructures’ protection (CIIP) practices in the EU, the European Network and Information Security Agency (ENISA) urged EU Member States and the European Commission to enhance private-public cooperation in the field of cybersecurity, as the study showed underperforming CIIP in view of more targeted cyber threats.
The study revealed that public-private partnerships have been established in only half of all EU Member States. When it comes to security requirements across sectors, the study further showed that only a few EU Member States have at this stage implemented such mandatory requirements and that incentives to invest in such measures are close to non-existent.
On 21 January, Udo Helmbrecht, Executive Director of ENISA underlined that new threats to critical information infrastructures constitute a constantly increasing danger, and that a coordinated approach between EU Member States and the private sector is necessary.
Ireland: Draft Irish cybercrime bill could be leaving the door open for encryption backdoors
On 15 January, Ireland published the Criminal Justice (Offenses Relating to Information Systems) Draft Bill, which defines the scope of an information system. The draft bill comes in parallel to the European Union’s Network and Information Security Directive backed by the Council of the EU in December.
The Irish cybercrime bill states that it would be a crime to access, hinder or interrupt, intercept or interfere with information systems without permission, which leaves privacy watchdog worried that lawful authorities could still be allowed access.
Global: Governments and tech companies discuss encryption backdoors in Davos
At the World Economic Forum which took place in Davos, Switzerland on 20-23 January, governments and tech companies exchanged and confronted their views on information sharing, surveillance and encryption.
An interlocking international legal system aimed to expedite cross-border requests to track criminality through online communications was mentioned at the Forum as a possible way to avoid decryption.
Tech companies have been arguing that changing the structure of their encryption systems would not stop terrorists and criminals from using other encryption systems but would on the other hand make widely used systems and software more vulnerable to attacks.
In the EU, governments and law-enforcement agencies made nearly 63,000 requestsfor information about users to Microsoft, Google, Apple, Facebook and Twitter in the first half of 2015, which represents a 24% increase compared to the same period of last year, according to a Wall Street Journal analysis of company reports. In H1 2015, government requests for user data from Facebook rose 141% in Turkey, compared to the 2014 figures, while in Russia requests for user information from Google rose 122% in the same period.
Digital Single Market
EU: European Parliament votes in favour of the Digital Single Market report
On 19 January, the European Parliament voted toapprove its own initiative report on the Digital Single Market draftedby MEP Kaja Kallas (ALDE, Estonia) and MEP Evelyne Gebhardt (S&D, Germany). The report comes as a response to the European Commission’s Digital Single Market Strategy and was hailed with 551 votes in favour, 88 votes against and 39 abstentions.
The report urged the European Commission to promote limited liability for intermediaries. Oliver Süme, President of the European Internet Services Providers Association (EuroISPA), welcomed the broad support of MEPs to the intermediary liability principle which allows an environment for innovation.
Responding to the Members of the European Parliament that same day, Andrus Ansip, Vice-President of the European Commission in charge of the Digital Single Market announced a concrete timeline for legislative proposals and initiatives for 2016. In June, the European Commission will present the second part of the copyright reform; in November, measures on free flow of data and the ePrivacy review can be expected.
EU/Global: Code Week 2015 sets a new record
The 2015 edition of the EU Code Week set a new record, as almost 570,000 people took part in the different events organised from 10 to 18 October 2015 in 48 countries (including EU Member States, the United States and Australia).
Italy was the country with the highest number of events (2,369), followed by Poland (2,064) and Spain (509). In total, over 526,000 participants from the EU took part in the Code Week. Most of the events targeted primary school children (44%).
This year’s edition of the EU Code Week will take place between 15 and 23 October 2016.