Header graphic for print

Steptoe Cyberblog

European Data Protection Board Adopts Draft Guidelines on Territorial Scope of General Data Protection Regulation (GDPR)

Posted in Data Breach, European Union, International, Security Programs & Policies

The European Data Protection Board (EDPB) is an independent advisory body, established by the GDPR, that issues guidelines, recommendations, and best practices for the application of the GDPR.

At its Third Plenary on September 26, the EDPB adopted new draft guidelines on the GDPR’s territorial scope.

These guidelines should help provide a common interpretation of the broad territorial scope of the GDPR, often referred to as its long-arm jurisdiction, and further clarify how the GDPR applies to data controllers or processors established outside of the EU – for example, in the US – targeting individuals in the EU. The Guidelines will include guidance on the requirement to designate a representative in the EU. This is required unless the processing is carried out by a private entity or natural person and (i) is occasional, (ii) does not include, on a large scale, processing of special categories of data or data relating to criminal convictions and offences, and (iii) is unlikely to result in a risk to the rights and freedoms of natural persons.

The guidelines will be subject to public consultation, via the EDPB’s consultation link available here.

Episode 233: Outing the GRU

Posted in Blockchain, Data Breach, European Union, International, Privacy Regulation, Russia

 

In this news-only episode, Nick Weaver and I muse over the outing of a GRU colonel for the nerve agent killings in the United Kingdom. I ask the question that is surely being debated inside MI6 today: Now that he’s been identified, should British intelligence make it their business to execute Col. Chepiga?

Continue Reading

Stewart Baker Appears on This Week in Law

Posted in Cybersecurity and Cyberwar, European Union, International, Security Programs & Policies

Earlier this month, Stewart appeared as a guest on Episode 434 of This Week in Law with Denise Howell.

Members of Congress want to know the potential impact of deepfakes, India’s Aadhaar ID database is hacked, EU could fine companies for not removing terrorist content in an hour, U.S. policy on Cyber warfare, vending machines DDoS a University and more!

Watch and listen to the full episode here:
 

Episode 232: “I’m afraid you can’t say that, Dave.” Will AI save the Internet from Vladimir Putin – and Matt Drudge?

Posted in AI, China, Cybersecurity and Cyberwar, European Union, International, Russia

 

Our guest is Peter W. Singer, co-author with Emerson T. Brooking of LikeWar: The Weaponization of Social Media. Peter’s book is a fine history of the way the Internet went wrong in the Age of Social Media. He thinks we’re losing the Like Wars, and I tend to agree. It’s a deep conversation that turns contentious when we come to his prescriptions, which I see as reinstating the lefty elite that ran journalism for decades, this time empowered by even less self-doubt – and AI that can reproduce its prejudices at scale and without transparency.

Continue Reading

Episode 231: Ah, September, when Europe unleashes a summer’s worth of crazy

Posted in European Union, International, Privacy Regulation

 

Our interview this week is with Hon. Michael Chertoff, my former boss at Homeland Security and newly minted author of Exploding Data: Reclaiming Our Cyber Security in the Digital Age. The conversation – and the book – is wide ranging and shows how much his views on privacy, data, and government have evolved in the decade since he left government. He’s a little friendlier to European notions of data protection, a little more cautious about government authority to access data, and even a bit more open to the idea of letting the victims of cyberattacks leave their networks to find their attackers (under government supervision, that is). It’s a thoughtful, practical meditation on where the digital revolution is taking us and how we should try to steer it.

Michael Chertoff and Stewart Baker

Michael Chertoff and Stewart Baker

Continue Reading

Episode 230: Click Here to Kill Everybody

Posted in International, Privacy Regulation, Security Programs & Policies

 

We are fully back from our August hiatus, and leading off a series of great interviews, I talk with Bruce Schneier about his new book, Click Here to Kill Everybody: Security and Survival in a Hyper-Connected World. Bruce is an internationally renowned technologist, privacy and security commentator, and someone I respect a lot more than I agree with. But his latest book opens new common ground between us, and we both foresee a darker future for a world that has digitally connected things that can kill people without figuring out a way to secure them. Breaking with Silicon Valley consensus, we see security regulation in the Valley’s future, despite all the well-known downsides that regulation will bring. We also find plenty of room for disagreement on topics like encryption policy and attribution.

Bruce Schneier and Stewart Baker

Bruce Schneier and Stewart Baker

Continue Reading

Episode 229: Blockchain Takes Over The Cyberlaw Podcast

Posted in Blockchain, European Union, Virtual Currency

On September 4th, Alan Cohn hosted the 229th episode of The Cyberlaw Podcast. We took a deep dive into all things blockchain and cryptocurrency discussing recent regulatory developments and best practices for users of exchanges.

Continue Reading

Thinking the unthinkable about responding to cyberattacks

Posted in China, Cybersecurity and Cyberwar, Russia

The United States may have pioneered the idea of fighting wars in cyberspace, but it’s our adversaries who are using cyberattacks most effectively. To deter them, the country needs creative new ways to punish nations if they launch the devastating attacks that are within their grasp.

Continue Reading

Bonus: Interview with Bruce Schneier (2015)

Posted in Cybersecurity and Cyberwar, Privacy Regulation, Security Programs & Policies

 

We’re still on hiatus, but we’re back again this week with another bonus episode. Our next season will feature an interview with Bruce Schneier, cryptography, computer science, and privacy guru, about his latest book, Click Here to Kill Everybody: Security and Survival in a Hyper-connected World. So it only seems appropriate to revisit my May 2015 interview with Bruce about his earlier work, the best-selling Data and Goliath – a book I annotated every few pages of with the words, “Bruce, you can’t possibly really believe this.” And that’s pretty much how the interview goes, as Bruce and I mix it up over hackbacks, whether everyone but government should be allowed to use Big Data tools, Edward Snowden, whether “mass surveillance” has value in fighting terrorism, and whether damaging cyberattacks are really infrequent and hard to attribute. We disagree mightily – and with civility.

We’ll be back in September with another edition of Blockchain Takes Over the Cyberlaw Podcast, followed by the new interview with Bruce Schneier.

Continue Reading

Webinar: The US-China Trade Relationship: Strategies for Coping with the New Normal

Posted in China

On August 28, Steptoe will host a webinar on US-China trade relations. From the announcement:

Over the past few months, US-China trade relations have radically changed. Under Section 301 of the Trade Expansion Act of 1962, the United States has imposed additional tariffs on billions worth of China imports and is threatening to import tariffs on billions more, and China has responded in kind. These tariffs have caused significant turmoil and uncertainty in the US business community.

We have prepared answers to some frequently asked questions to help companies cope with the most immediate consequences of these proceedings. But US companies must also start to consider the longer term repercussions of these tariffs. The landscape of US-China trade relations has been fundamentally altered, and US companies must consider how they can integrate this “new normal” into their business operations.

You can learn more and RSVP on the event page here.