A European legal adviser called parts of the Privacy Shield data transfer pact between the EU and U.S. invalid. European Court of Justice Advocate General Henrik Saugmandsgaard Oe said Thursday standard contractual clauses (SCCs) for transferring personal data outside the EU are OK, but the PS may not be in light of Europe's newer data privacy regulations. While such advocate general opinions aren't binding, they are generally adopted by the EU's top court. Some U.S. interests said the 97-page opinion sparks fears about PS.
Dugie Standeford
Dugie Standeford, European Correspondent, Communications Daily and Privacy Daily, is a former lawyer. She joined Warren Communications News in 2000 to report on internet policy and regulation. In 2003 she moved to the U.K. and since then has covered European telecommunications issues. She previously covered the U.S. Occupational Safety and Health Administration and intellectual property law matters. She has a degree in psychology from Duke University and a law degree from the University of Tulsa College of Law.
As governments increasingly seek to control aspects of the internet, debate is growing over what they're trying to achieve. Some argue countries such as China and Russia aim for a technical break from the global domain name system (DNS). Others said nations are seeking to align the internet with their jurisdictional boundaries. The issues came up in recent academic writings and a Nov. 27 Internet Governance Forum (IGF) session.
ICANN should delay the sale of the Public Interest Registry to a private equity firm until concerns about possible censorship, high domain name prices and other issues are addressed, more nonprofits are asking. The transaction, announced Nov. 13 (see 1911130029), involves the sale of PIR's assets to Ethos Capital. Despite assurances from the buyer and the seller, the Internet Society, opposition is growing. ICANN requested more information about the deal and urged the parties to act openly and transparently.
The Council of Europe is exploring the need for global laws on artificial intelligence, it said. The human rights organization is taking part in an Internet Governance Forum event this week in Strasbourg during which representatives from governments, international organizations, business, civil society, academia and the IT sector will discuss internet policy issues such as risks to human rights from advanced technologies. A CoE ad hoc committee on AI (CAHAI), which includes representatives from the organization's 47 members, met Nov. 18-20 to consider the feasibility of rules on developing, designing and using AI based on CoE standards on human rights, democracy and the rule of law. The implications for human rights and democracy "are manifold and we need to be able to answer the challenges for individuals but also for the whole society," emailed Jan Kleijssen, CoE director-information society, action against crime. The meeting "clearly revealed the high level of interest paid by member States to CAHAI." Participants agreed to a feasibility study that will map work on AI already done within the CoE and other bodies, plus relevant legally binding and soft-law instruments. The exercise is expected to help identify the main risks and opportunities from the development and use of AI, Kleijssen said. Participants will look at what principles should be applied to creating and using AI, and consider what the most suitable legal framework is. They discussed the impact of AI on people and society, plus different AI policies, particularly those of the U.S., France, Germany and Russia. The panel will report to the CoE Committee of Ministers in May on its progress, and will launch a "comprehensive consultation to build a legal framework that answers to the need and expectations of the citizens."
Asked whether, given numerous ongoing AI activities, it will be difficult to set any sort of global rules, Kleijssen noted EU common standards on respect for human rights, rule of law and democracy to which all CoE members are committed. The council is part of global efforts to address challenges of using digital technologies, including AI, and cooperates closely with other organizations such as the EU, UN and Organisation for Economic Co-operation and Development.
Efforts to update broadcaster signal protections made limited progress at last week's meeting of the World Intellectual Property Organization Standing Committee on Copyright and Related Rights (SCCR), but are moving toward a diplomatic conference (DipCon), participants told us. In his draft meeting summary, Chairman Daren Tang said talks on definitions, object of protection and rights to be granted were held in informal sessions with a view to clarifying technical issues and delegations' positions. A revised version of the text will be on the agenda for the next SCCR meeting, in spring. Progress was made on several points, we're told, including: (1) Rights to be granted, which seeks to accommodate different legal systems. (2) How to protect certain types of transmissions, in particular live events. (3) New language on rights management information, which involves the concept of watermark used in program-carrying signals to monitor the uses made of them. (4) Whether to retain or delete "transmission over computer networks." Talks "started off well," with many delegations pressing to finalize the text to meet WIPO General Assembly instructions aimed at getting to a DipCon in 2020-21, emailed European Broadcasting Union Head-Intellectual Property Heijo Ruijsenaars. Informal discussions involved definitions and the scope of the treaty but then stalled on "lengthy discussions on how to deal with the (rather exceptional) situation where the foreign broadcaster would have no other option than to rely on protection of its programming content, rather than on the protection of its signal," he said. This is a minor issue relevant only to the U.S., and, meanwhile, one of the "big issues" -- protection of online rights -- remains largely unresolved, he said. To not lose momentum, continued drafting work is needed between now and the next meeting, Ruijsenaars said. Nevertheless, the committee moved a step closer to its DipCon goal, he said.
The text is "still a mess," but there was very little opposition to moving to DipCon, emailed Knowledge Ecology International Director James Love.
The European Commission sees "good progress" with Privacy Shield after three years, said European Justice, Consumers and Gender Equality Commissioner Vera Jourova Wednesday. The EC's third review of the trans-Atlantic personal data transfer system found the U.S. followed last year's recommendations, and that about 5,000 companies participate, she said. After EC urging, the U.S. appointed a permanent ombudsman to ensure Europeans' complaints about national security are properly resolved; the Department of Commerce is more attentive to exercising oversight; and the FTC stepped up investigations. PS became a "good tool of digital diplomacy" that spurs dialogue, with several U.S. states and the federal government now talking about data protection legislation, Jourova said. The report noted several issues with practical implementation, and recommended Commerce shorten various periods granted companies to complete recertification, and develop tools for detecting false claims of participation from companies that never applied for certification, and that the FTC prioritize finding ways to share meaningful information about ongoing investigations with the EC and EU data protection authorities. "Privacy Shield remains a successful instrument for the protection of European citizens' data and an essential tool for the safe transfer of commercial data between the two largest trading partners," said Computer & Communications Industry Association European Senior Manager Alexandre Roure. The pact is working but in jeopardy, said Center for Data Innovation Senior Policy Analyst Eline Chivot. The European Court of Justice hasn't ruled whether European citizens' personal data can be transferred to the U.S., a decision expected early next year. This positive review shows the "landmark initiative continues to be a reliable and stable mechanism" for smooth, secure data flows, said Information Technology Industry Council Vice President-Europe Guido Lobrano.
Growing use of 5G networks for emergency services raises security issues that must be addressed, stakeholders said in recent interviews. Emergency communications systems are subject to hacking, jamming, human error and poor software development, they said. Policies that encourage reliability and security are key, said National Emergency Number Association (NENA) Technical Issues Director Brandon Abley.
Online platforms can be ordered to monitor for future sightings of content previously determined to be illegal, the European Court of Justice ruled Thursday in a case that could upend Europe's intermediary liability e-commerce directive. The high court said in Eva Glawischnig-Piesczek v. Facebook that EU members could order hosting companies to remove or block access to information "identical" or "equivalent" to content already declared illegal, including worldwide. Along with platform liability, the ECJ raises issues of conflicts of law, free speech and mandatory content monitoring, representatives from the tech industry, digital rights activists, telecom sector and academia told us.
Tech companies cheered Tuesday's ruling that the right to be forgotten by search engines doesn't apply outside the EU. The case involved a dispute between Google and French privacy authority CNIL (Commission nationale de l’informatique et des libertes) over whether a subject's request to have links to web pages containing personal data delisted must be honored worldwide. The CNIL said the European Court of Justice didn't buy its approach to that right, but it provided some clarity. One privacy lawyer predicted the ruling won't change much, but a reputation protection firm said it could affect job-seekers for many years.
Now one year old, the general data protection regulation is bearing fruit, said European Justice, Consumers and Gender Equality Commissioner Vera Jourova at a Wednesday briefing. The European Commission published its first assessment of the GDPR, saying it's working well, but more work is needed to make it fully effective. The report reached three conclusions, Jourova said. "Data protection finally matters" and people are starting to care about their privacy. The EU is "entering a digital era on a strong footing" as data protection rules become part of other policies such as artificial intelligence. And Europe's data protection rules "open up possibilities for digital diplomacy to promote data flows based on high standards between countries that share EU values." The EC still has some concerns, she said: Some EU members are "gold-plating" the regulation by adding new provisions into national laws. There are fewer complaints from businesses that see the "doom scenario" didn't materialize, but too many companies, especially smaller ones, remain uncertain about the measure. The EU has become "the rule maker for the world," with more countries using the regulation as a reference point for adopting privacy laws, she said. Greece, Portugal and Slovenia haven't adopted the GDPR into their law. Asked whether the EC is considering formal enforcement actions, Jourova said she won't hesitate to launch such procedures where appropriate and is talking with EU members to resolve the issues.