The U.S. now ensures sufficient privacy protection to allow Europeans' personal data to be transferred there, the European Commission said Monday. Its long-awaited adequacy decision allows personal data to flow between the U.S. and EU under the terms of the Data Privacy Framework negotiated by the two regions. The framework introduces new binding safeguards to address all the concerns of the European Court of Justice in Schrems II, including limiting access to EU data by U.S. intelligence services to what is necessary and proportionate, and creating a data protection review court which EU residents can access if they believe their data has been misused, the EC said. It will periodically assess how the framework is working, starting a year from the date the decision takes effect. The U.S. government said Wednesday it had fulfilled all its commitments to allow trans-Atlantic data flows to resume (see Ref:2307030035]). Completion of the adequacy decision was cheered by the Computer & Communications Industry Association. "This is a major breakthrough," said Europe Public Policy Director Alexandre Roure: "After waiting for years, companies and organisations of all sizes on both sides of the Atlantic finally have the certainty of a durable legal framework" for personal data transfers. None of Your Business Chair Max Schrems, who successfully challenged former regime Privacy Shield, said he expects this matter to be "back at the Court of Justice by the beginning of next year." There are various options for a challenge that should arrive at "an answer if the Commission's tiny improvements were enough or not." Privacy advocates continue to contest U.S. bulk data collection and redress mechanisms, he said. The framework is “critical to returning legal certainty for U.S. businesses relying on the data flows that underpin the $7.1 trillion transatlantic relationship," said U.S. Chamber of Commerce Senior Vice President-Europe Marjorie Chorlins in a statement. It will “safeguard the privacy rights of individuals, while facilitating data flows which are the lifeblood of economic growth and innovation.”
A bill requiring tech platforms to pay media companies usage fees when carrying news content in California violates the First Amendment and would encourage hate speech, the Computer & Communications Industry Association said Thursday. The California State Assembly voted 46-6 to advance the California Journalism Preservation Act (AB-886) (see 2306010073). The bill is on the agenda for a Senate Judiciary Committee hearing Tuesday. AB-886 “requires private companies to carry speech in direct violation of the First Amendment,” said CCIA President Matt Schruers. “It also forces digital services to publish and pay producers of dangerous content at a time when these services are working to limit the spread of misinformation in their communities.”
The European Commission proposed new rules Tuesday to “ensure stronger” enforcement of the general data protection regulation in cross-border cases. The new rules attempt to harmonize procedures in cross-border cases and allow defendants and complainants the right to be heard earlier in their cases during European Data Protection Board review. Defendants would be able to have their cases heard in court during EDPB dispute resolution before authorities decide whether to fully or partially reject a complaint. The proposal establishes common rights for complainants to be “heard in cases where their complaints are fully or partially rejected.” The proposal makes “some small steps” toward improving cross-board procedures, but it fails to address “major shortcomings,” said Alexandre Roure, Computer & Communications Industry Association public policy director-Europe. CCIA hopes the European Parliament and EU member states will “reinforce defendants’ most basic rights, including the right to appeal EDPB decisions against them and the right to a fair hearing within a realistic time frame.” According to CCIA, when privacy authorities escalate the case to the EDPB, defendants will “only have one week (two weeks in limited cases) to respond to new allegations or alleged evidence brought forward by the EDPB.” The proposal fails to “improve complainants’ rights to be heard and to get access to timely and important information from the investigation an authority carries out,” European consumer advocacy group BEUC said in a statement. Authorities often respond with painstakingly slow enforcement, particularly in cross-border cases, said BEUC: The new proposal fails to add mechanisms to allow complainants to get access to timely information in cases. “Weak and slow enforcement only suits Big Tech and other companies who make money from trampling on people’s right to personal data protection,” said BEUC Deputy Director General Ursula Pachl.
Spending on computer and storage infrastructure products for cloud deployments increased 14.9% worldwide year over year in Q1 to $21.5 billion, IDC reported Wednesday. Non-cloud spending declined 0.9% to $13.8 billion. The cloud infrastructure segment's unit demand was down 11.4% in Q1, but average prices grew by 29.7%, IDC said. "Cloud infrastructure spending remains resilient in the face of macroeconomic challenges," said Kuba Stolarski, research vice president for IDC's Infrastructure Systems, Platforms and Technologies Group. "The segment is grappling with substantial price hikes and Q1 marked the second consecutive quarter of declining system unit demand,” Stolarski said: “Although the overall outlook for the year remains positive, its growth hinges on the expectation that volume will drive it.”
The U.S. has “fulfilled its commitments” for implementing the EU-U.S. Data Privacy Framework, Commerce Secretary Gina Raimondo said Monday (see 2304050062). Commitments include Attorney General Merrick Garland’s designation of the EU and three other countries as qualifying states subject to a redress mechanism established under executive order 14086 on Enhancing Safeguards for U.S. Signals Intelligence Activities, she said. The Office of the Director of National Intelligence on Monday “confirmed that the U.S. Intelligence Community has adopted its policies and procedures pursuant to EO 14086,” Raimondo said. The U.S. is committed to “facilitating data flows between our respective jurisdictions while protecting individual rights and personal data,” she said. The Computer & Communications Industry Association applauded the administration’s efforts to sustain transatlantic data flows. President Matt Schruers urged EU member states to “approve the adequacy decision without delay to restore legal certainty for businesses on both sides of the Atlantic.”
The FTC’s designated agency ethics official is a “dedicated, honest, career civil servant who follows” the rules, FTC Chair Lina Khan said Friday in response to reports Lorielle Pankey acted improperly. House Judiciary Committee Chairman Jim Jordan, R-Ohio, and House Commerce Committee Chair Cathy McMorris Rodgers, R-Wash., have questioned ethics practices at the agency under Khan (see 2306280063). The Wall Street Journal reported Pankey owned stock in Meta when she advised Khan to recuse herself from a case involving the company. Khan issued a joint statement with Democratic Commissioners Rebecca Kelly Slaughter and Alvaro Bedoya: “We stand behind and are proud of our career staff. We are extraordinarily lucky to have highly professional and skilled colleagues who tirelessly work to preserve fair competition and protect Americans from unlawful business practices.”
The FTC is seeking comment on a proposed rule to stop companies from using fake reviews and endorsements. The agency announced a notice of proposed rulemaking to combat fake reviews, suppression of honest negative reviews and payment for positive reviews. The rule would “trigger civil penalties for violators and should help level the playing field for honest companies,” said Consumer Protection Bureau Director Samuel Levine. The commission voted 3-0 to approve the NPRM.
The continued lack of a national cyber director is a “challenge” to implementing a national cyber strategy (see 2303020051), the GAO said Thursday. National Cyber Director Chris Inglis announced his departure in February, and a replacement hasn’t been named, the agency noted. “This vacancy leaves unfilled a key leadership role needed to coordinate the federal efforts to address cybersecurity threats and challenges,” the agency said. “Further, sustained leadership in this position is essential to ensuring strategy execution and accountability.” The GAO urged the administration to “establish specific objectives and performance measures, resource requirements, and roles and responsibilities” in order to carry out the cyber strategy.
The FTC issued final revised advertising guidelines Thursday to ensure companies’ product reviews and endorsements are “truthful.” The agency solicited comment in May 2022 on the guidelines (see 2209270065), which advise businesses on what’s unfair or deceptive. The guidelines were last updated in 2009. The commission voted 3-0 to approve publication of the revised guides. Revisions include new principles for ad distortion when companies boost or suppress content; guidelines for incentivized reviews and fake negative reviews of competitor products; a new definition for “clear and conspicuous"; clarification that a “platform’s built-in disclosure tool might not be an adequate disclosure"; clarified definitions for fake reviews and virtual influencers; clarification for liability of advertisers, endorsers and intermediaries; and emphasis that “child-directed advertising is of special concern.”
Companies shouldn’t be forced to turn over sensitive data to competitors and European governments under the threat of massive fines authorized under the EU’s Data Act, the U.S. Chamber of Commerce said Wednesday. EU officials reached agreement on the Data Act Tuesday. European Commissioner for Internal Market Thierry Breton called it a “milestone in reshaping the digital space.” The chamber cited concerns about the legislation’s impact on competition, investment and innovation. “We urge EU policymakers to engage in dialogue with stakeholders, including American businesses, as the Act is finalized and implemented,” said Sean Heather, senior vice president-international regulatory affairs and antitrust.