Dugie Standeford

U.S. government is "always mindful of the uncertainty" about Privacy Shield and is doing its best to ensure the trans-Atlantic personal data transfer framework continues to work for American companies, James Sullivan, deputy assistant secretary of the Department of Commerce International Trade Administration, told reporters Thursday. There are legal and political challenges plus questions about when the Trump administration will appoint the permanent ombudsman required by PS, he said. European Justice, Consumers and Gender Equality Commissioner Vera Jourova said Wednesday she's losing patience over the time it's taking to do so, and that if the position isn't filled by the end of February, the EC will consider cracking down (see 1812190002). Europe calls the role a "permanent ombudsman," but Sullivan stressed that the acting official, Manisha Singh, has all powers needed. Any ombudsman will always be "independent, experienced and empowered" according to the terms of PS, said Sullivan. The nomination process is underway, and so far, no requests for assistance from the office have been received, he said: The State Department has made public the ombudsman's procedures about how the system works. His office is sensitive to EU concerns about the situation, but an ombudsman mechanism has been fully resourced for two years and is functioning, added Sullivan. He cited the European Commission's "very positive second annual review" of the system, saying the EC made clear PS is a success and EU-U.S. collaboration over the past year enhanced it. Since the system's August 2016 launch, over 4,200 companies have committed to it, most small to mid-sized enterprises, he said.

U.S. authorities "are living up to their commitments" and Privacy Shield works, but the European Commission may be forced to act if no permanent ombudsman is appointed by Feb. 28, European Justice, Consumers and Gender Equality Commissioner Vera Jourova told reporters Wednesday. Such actions could include limiting access by U.S. government bodies to Europeans' personal information or even suspending PS, she said. Despite the warning, the EC's second review of the trans-Atlantic personal data transfer system showed the U.S. has implemented most recommendations from last year's report, she said. Asked why it has taken so long to put an ombudsman in place, Jourova said that in March 2017, the U.S. administration asked her to be patient because so many posts needed Senate confirmation. Now, she said, "my patience is coming to an end." The report noted that as of now, "the Ombudsman mechanism had not yet received any requests," but a complaint to the acting ombudsman "had been submitted to the Croatian data protection authority and the relevant checks were ongoing." If the EC is "forced to take steps" over the appointment, it could amend PS in ways that could make compliance by U.S. companies more cumbersome or suspend the system altogether, Jourova said. The review found the Department of Commerce boosted its certification process and introduced new oversight procedures, including requiring first-time applicants to refrain from advertising their membership until their certification is complete. DOC also is "actively" using tools to catch companies that falsely claim membership and has referred more than 50 cases to the FTC, which took enforcement actions when needed, the EC said. The FTC has started issuing administrative subpoenas to seek information from some shield participants, it said. The review noted growing discussion in DOC and FTC on a federal approach to data privacy, and cheered the naming of a full quorum of Privacy and Civil Liberties Oversight Board members. The FTC "welcomes the European Commission’s conclusion that Privacy Shield continues to provide an adequate level of protection," a spokesperson emailed. The DOC and its NTIA and International Trade Administration had no comment. The Computer & Communications Industry Association commended the "thorough review."

Efforts to finalize a deal on updated EU copyright rules failed Thursday, leaving talks between the European Parliament and Council to be taken up again under the Romanian Presidency, which begins Jan. 1. The Dec. 13 "trilogue did not resolve all issues" and it's unclear when the next meeting will be, emailed a Council spokesperson. Asked whether the outstanding issues are still Article 13, which would require platforms to monitor uploads for copyright infringement, and Article 11, which would give press publishers a new right to remuneration, he said, "Basically yes." Heavy lobbying for and against both articles continued before the trilogue meeting. The plan by the current Austrian Presidency to finish negotiations last week seemed "very ambitious," Member of the European Parliament Julia Reda, of the Greens/European Free Alliance and Germany, told us earlier this month. "We are nowhere near a compromise on the most controversial articles 11 and 13." In a Dec. 13 post, she noted that major film industry associations -- including the Motion Picture Association and Association of Commercial Television in Europe -- and sports leagues wanted their sectors expressly excluded from Article 13 because the Council and Parliament versions would both end up benefiting big platforms. Others opposing the provision include the Computer & Communication Industry Association and European Digital Rights (see 1809120001). News publishers, meanwhile, said failure to negotiate a workable neighboring right to remuneration for press publishers would "condemn consumers to a future of news experienced through the lens of Google" since the provision would require Google to secure licenses to use their content. Google Vice President-News Richard Gingras blogged earlier this month that Article 11 could change the principle of equal access to information by requiring online services to strike commercial deals with publishers to show hyperlinks and short news snippets, forcing platforms to make decisions about what content to include.

Europe's net neutrality rules are working well but could be tweaked, the Body of European Regulators for Electronic Communications (BEREC) said in an opinion Wednesday. Stakeholders are primarily concerned about being allowed to innovate and having harmonized, clear and flexible application of the EU open internet regulation and BEREC's guidelines, it said. Consumers generally agreed the system is working but said national regulators should be harder on zero rating. One academic said the EU's regulatory approach, unlike that of the U.S., stifles innovation.

Social media platforms must act quickly to counter fake news or face possible regulation, the European Commission said Wednesday. It announced a plan against disinformation aimed at protecting democratic systems and public debate before 2019 national and local elections, including a "rapid alert system" among EU institutions and countries to make it easier to share data and assess disinformation campaigns, and close monitoring of a self-regulatory code of practice signed in October by Facebook, Google, Twitter and Mozilla. Signatories "should swiftly and effectively implement" commitments, focusing on actions urgent for elections, the EC said. That includes ensuring transparency of political advertising, ramping up efforts to shutter fake accounts, labeling non-human interactions, and cooperating with fact-checkers to detect disinformation campaigns and make fact-checked content more visible. The plan seeks better detection via more specialized staff and data analysis tools, backed by a funding increase from 1.9 million euros ($2.2 million) to 5 million euros ($5.8 million); and for promoting media literacy among Europeans. Platforms have until the end of 2018 to update the EC on compliance, and must report monthly January-May. Without satisfactory progress, the EC may propose further measures, including regulation, it said. Asked at a news briefing whether 5 million euros was enough to counter the massively financed activities of Russia Today, Sputnick and Russian trolls, EC Digital Single Market Vice-President Andrus Ansip said the goal isn't to recreate the kind of propaganda machine Russia has but to detect disinformation, find out who's behind it and use facts to debunk lies. Asked whether the EC has faith that Facebook will tackle disinformation given that the platform allowed Russian bots to access its services -- discovered in a U.K. parliamentary inquiry -- Justice Commissioner Vera Jourova said everything the EC does concerning self-regulatory measures affecting information and technology companies is based on "trust and check." Google and Facebook didn't comment. Twitter's "No. 1 priority is improving the health of the public conversation," a spokesperson said. "Tackling coordinated disinformation campaigns is a key component." He said Twitter is working on a partnership with UNESCO on online media and information literacy.

Defining "deferred transmission" is the key stumbling block in talks on a World Intellectual Property Organization treaty updating broadcaster protections against signal piracy, said Standing Committee on Copyright and Related Rights Chair Daren Tang during the Nov. 26-30 meeting. SCCR delegations need a "very, very firm discussion at the next round" of negotiations on deferred transmissions, said Tang, CEO of the Singapore Intellectual Property Office. He floated a revised consolidated document that for the first time gathers all proposals in one text. Stakeholders have some optimism but said more work remains.

Internet law must derive from globally agreed principles, representatives from nine parliaments said in a declaration signed Tuesday in London. The members of an "international grand committee" investigating disinformation and "fake news" noted that the "world in which the traditional institutions of democratic government operate is changing at an unprecedented pace." Legislatures and governments must urgently ensure that citizens' fundamental rights and safeguards aren't violated or undermined by the unchecked march of technology, they said. "Representative democracy is too important and too hard won to be left undefended from online harms." The declaration's principles state: (1) The internet is global and the law relating to it must have globally agreed principles. (2) Deliberate spreading of disinformation is a credible threat to democracy. (3) Global technology companies must recognize their great power and show they're ready to accept responsibility. (4) Social media companies should be held liable if they fail to comply with judicial, statutory or regulatory orders to take down harmful and misleading content from their platforms. (5) Tech companies must demonstrate accountability to users by making themselves fully answerable to national legislatures and other organs of representative democracy. Signers represented Argentina, Belgium, Brazil, Canada, France, Ireland, Latvia, Singapore and the U.K. Lawmakers took testimony Tuesday from, among others, Facebook Vice President-Policy Solutions Richard Allan and U.K. Information Commissioner Elizabeth Denham. Legislators at the hearing called it unprecedented, given the breadth of countries represented. They chastised Facebook for not sending CEO Mark Zuckerberg. The company declined further comment to us, as did the Internet Association. "I wouldn't characterize the decision as a 'blowing off'" of the invitation for Zuckerberg to appear, Allan responded to Charlie Angus of Canada's House of Commons, who used that phrase and said the company "lost the trust of the international community to self-police." "Our intent is to be there, to answer the questions that you have" at appearances in various countries, Allan said, apologizing. Zuckerberg and the company are engineering fixes, Allan said. "I will not disagree with you that we have damaged public trust through some of the actions we have taken," Allan said. He acknowledged the company had hired Definers, a firm it's stopped working with that targets critics (see 1811230021). He said a "regulatory framework" may be needed. It's not "up to Facebook to determine what regulatory structure it ought to be under, it's up to parliaments," the U.K.'s Damian Collins said. "That's why we're here."

The Oct. 20-25 ICANN meeting left a key question hanging, stakeholders said: Whether policy for aligning the Whois database of domain registrants with the EU general data protection regulation (see 1810220002) should take precedence over how to give access to nonpublic information to legitimate requesters such as law enforcement. As talks on an expedited policy development process (ePDP) to replace the "temporary specification" on Whois GDPR compliance continued, some wanted work to proceed in parallel on some sort of unified access model (UAM). The idea is backed by governments and the business (BC) and intellectual property constituencies (IPC) but opposed by noncommercial users, registrars and others.

BARCELONA -- ICANN faces five key challenges for which it must rethink its vision, Chairman Cherine Chalaby said at Monday's opening of the internet body's weeklong meeting. He cited exponential growth in security problems that challenge security and stability of the Domain Name System; the possibility the multistakeholder system could become more expensive but less effective as it scales up; and that new unique identified regimes are emerging. He said growing importance of the internet to all sectors increases the possibility governments will try to control the DNS, and domain name market consolidation makes expansion of the generic top-level domain name (gTLD) space uncertain.

Personal data transfer mechanism Privacy Shield appears likely to emerge successfully from the European Commission review that begins this week. "I'm quite sure it will pass," emailed Hogan Lovells (London) data protection lawyer Eduardo Ustaran. "I may be wrong but I do not expect a revolution," emailed Linklaters (Brussels) privacy attorney Tanguy Van Overstraeten. "The next important step will be the court review." Data Protection Commissioner v. Facebook was referred by the Irish High Court to the European Court of Justice in April.