The European Data Protection Board (EDPB) is an independent advisory body, established by the GDPR, that issues guidelines, recommendations, and best practices for the application of the GDPR.
At its Third Plenary on September 26, the EDPB adopted new draft guidelines on the GDPR’s territorial scope.
These guidelines should help provide a common interpretation of…
Cyberspies can’t count on anonymity any more.
The United States (and the private security firm Mandiant) stripped a PLA espionage unit of its cover two years ago with a detailed description of the unit’s individual hackers; that report was followed by federal indictments of members of the unit that described them and their activities is…
Since the European Court of Justice (ECJ) startled the Internet sector and world at large last week by its finding in the Google v. AEPD case that there is a “right to be forgotten” under the EU Data Protection Directive, there has been extensive speculation what the decision will mean for Google and other search…
We used to talk about the “borderless” environment of the Internet. These days, that view is looking increasingly outmoded and utopian, in large part because of the intersection of law enforcement and privacy concerns. Steady increases in regulation (and enforcement of existing regulation) in these areas is increasingly prompting two types of responses by global…
Depending on the new Commission’s level of ambition when it takes office in the Autumn, this week’s European Court of Justice preliminary ruling (Cases C-293/12 and C-594/12), which found a 2006 Directive invalid, could prove an opportunity to re-think the EU approach to privacy and protecting personal data.
When we think about the EU and…
I’ve been critical of the claim that European privacy law offers more protection against government surveillance than American law. Apparently not critical enough. An Ars Technica reporter with a pro-privacy inclination decided to seriously investigate using a German email system to get the benefits of European privacy law.
His tale of disillusionment revealed three…
The New York Times recently ran a story arguing that, after the Snowden revelations, Europe would have to build its own cloud computing industry to protect European privacy. I was moved to send the Times a letter in response. The Times edits such letters pretty heavily, so I’m sharing it here:
You left some critical…
Officials in the EU often deride the lack of a national data protection authority in the US. It is absurd to suggest that the existence of a national DPA is itself a litmus test for a country’s commitment to privacy protection. Indeed, I would put the US system of constitutional checks and balances and sectoral…
The International Association of Privacy Professionals has published my article on how US cloud providers and the US government can respond to the wave of hypocrisy from the EU over PRISM. The full article can be found here.
I will be testifying today to the full House Judiciary Committee about FISA, NSA and the Snowden flap. You can download my full prepared remarks here.
In short
…
