Privacy Shield is a major improvement but raises concerns, said the EU Article 29 Data Protection Working Party (WP29) Wednesday. The draft EU-U.S. agreement, announced in February (see 1602290003), is the successor to the safe harbor arrangement for trans-Atlantic personal data flows. "Our first reaction to it was very positive," said Isabelle Falque-Pierrotin, chairwoman of French data protection authority CNIL (Commission nationale de l’informatique et des libertés). But she said data protection regulators have problems with some provisions. Falque-Pierrotin said companies can continue to use binding corporate rules and model contract clauses for shifting data to the U.S. until the European Commission makes a decision on Privacy Shield. Industry and consumer reaction ranged from wariness to criticism.
EU transaction reviews might need to be revamped for digital companies, said Competition Commissioner Margrethe Vestager, though others were skeptical. The digital economy "isn't just one sector among many," and mergers and acquisitions don't "just affect how we buy goods and services," Vestager said Thursday in a Brussels speech. "They can change the way we live, and the opportunities we have," which is why competition authorities may have to look at more than just revenue to decide if there are antitrust issues, she said. Considering factors such as customer base or data sets in M&A probes is a reasonable approach, but it's not clear it will ever happen, telecom consultants told us.
The Apple/FBI standoff is being closely watched in the U.K. and elsewhere in Europe, experts said in interviews this week. The company is resisting FBI and Justice Department requests to help the FBI break the encryption on an iPhone used Dec. 2 by one of the attackers in San Bernardino, California (see 1602170068). The ensuing legal battle in federal court in California sparked a House Judiciary Committee hearing Tuesday (see 1603010013) and requests by some legislators and industry for Congress to empower a panel to give guidance (see 1602290074).
Documents detailing Privacy Shield, safe harbor's successor agreement for trans-Atlantic personal data flows, emerged Monday from the European Commission. EU data protection authorities (DPAs) in the Article 29 Data Protection Working Party will now analyze the text "with great attention" before finalizing a draft opinion to be approved at an April 12-13 plenary meeting, the WP said Monday. U.S. bulk data collection is likely to remain a key concern for DPAs, said Hogan Lovells (London) privacy attorney Eduardo Ustaran. Max Schrems, whose challenge in the European Court of Justice (ECJ) led to the abolition of safe harbor, predicted further lawsuits. Industry groups welcomed the text; privacy and consumer rights advocates bashed it.
Europe has made progress in the digital arena since last year, but continues to lag behind the U.S. and some other countries, said Digital Economy and Society Commissioner Günther Oettinger at Thursday's webcast Brussels Digital4EU conference. The 2016 Digital Economy and Society Index (DESI), also released Thursday, measured 30 indicators in all 28 member states. Results showed that although there is forward movement in connectivity, digital skills, public services and other areas, the rate of progress is slowing. "We have to catch up; we're in a race," Oettinger said. Europe has some big players but, unlike the U.S. and some other nations, no clear strategies for developing new digital services, apps and smartphones, he said. The European Commission will publish its first report on digital progress in all 28 member nations in May, he said.
Pending and approved U.K. telecom mergers are heightening attention on EU and national competition regulatory approaches, lawyers and consultants told us. With the approval without conditions last month by the U.K. Competition and Market Authority (CMA) of the BT/EE merger, all eyes are now on what the European Commission will do about the proposed link-up of Hutchison's Three and Telefónica's O2. These and other tie-ins continue to raise questions about how many mobile players are needed for a competitive market and whether consolidation boosts network investment. "It is very interesting times," said Hogan Lovells (London) technology and telecom attorney Don McGown.
European data protection officials are largely in the dark about the EU-U.S. Privacy Shield, said Article 29 Data Protection Working Party (WP) Chairwoman Isabelle Falque-Pierrotin at a Wednesday media briefing. The new arrangement for the trans-Atlantic transfer of Europeans' personal data was announced Tuesday to cheers from industry and skepticism from privacy groups and others (see 1602020040). The WP hasn't seen the documents, so it can't analyze them to see if the new regime is legally binding and relieves all of the concerns raised by the European Court of Justice (ECJ) Schrems decision, Falque-Pierrotin said.
Cyberspace good guys and bad guys have both become more advanced, said the European Union Network and Information Security Agency (ENISA) in a 2015 threat landscape report. While the good guys have shown better cooperation and more orchestrated reactions to cyberthreats, the bad guys "have advanced their malicious tools with obfuscation, stealthiness and striking power," it said. Cloud and mobile computing are the top emerging threats, it said. EU-wide cybersecurity rules are expected to be finalized by summer, said an EU diplomatic source.
Despite a continuing lack of consensus on a new safe harbor agreement, talks between the EU and U.S. are moving quickly, stakeholders said in interviews last week. Those involved are optimistic because there's momentum, said Linklaters (Brussels) privacy and data protection lawyer Tanguy Van Overstraeten. The EU Article 29 Data Protection Working Party (WP) said Oct. 16 if there's no new arrangement with the U.S. by the end of January, and depending on assessment of other data transfer tools, national data protection authorities (DPAs) would take all necessary and appropriate actions, including enforcement, to ensure personal data sent to the U.S. are protected (see 1510160030).
Responses to a European Commission inquiry into possible regulation of Internet platforms show strong opposition to upping the responsibility of service providers for policing content and to the EC's very definition of an online platform. Telco, Internet, consumer and digital rights groups agreed on several of the key issues raised in the consultation on the regulatory environment for platforms, online intermediaries, data and cloud computing and the collaborative economy. The consultation ended Wednesday, and the EC said it will now assess and summarize the results in a report. The commission hasn't posted the responses, but several organizations released theirs and others made them available to us.