Header graphic for print
Steptoe Cyberblog

Category Archives: Privacy Regulation

Subscribe to Privacy Regulation RSS Feed

Episode 224 with Duncan Hollis: Do we need an international “potluck” cyber coalition?

Posted in China, Data Breach, International, Privacy Regulation

I interview Duncan Hollis, another Steptoe alumnus patrolling the intersection of international law and cybersecurity. With Matt Waxman, Duncan has written an essay on why the US should make the Proliferation Security Initiative a model for international rulemaking for cybersecurity. Since “coalition of the willing” was already taken, we settle on “potluck policy” as shorthand… Continue Reading

The Cyberlaw Podcast — Interview with Megan Stifel

Posted in China, European Union, International, Privacy Regulation, Russia

Episode 222: In which I get to play that guy in line for the movie with Woody Allen Our interview is with Megan Stifel, whose paper for Public Knowledge offers a new way of thinking about cybersecurity measures, drawing by analogy on the relative success of sustainability initiatives in spurring environmental consciousness. She holds up… Continue Reading

Belgium Publishes Draft Law Implementing GDPR

Posted in International, Privacy Regulation

On June 12, Belgium’s Parliament published a draft law on the “protection of natural persons with regard to processing of personal data.” The draft – comprising 280 Articles – has three objectives: Legislate so-called “open clauses” of the General Data Protection Regulation, i. e. those clauses in the Regulation where EU Member States are free to… Continue Reading

The Cyberlaw Podcast – News Roundup

Posted in Cybersecurity and Cyberwar, European Union, International, Privacy Regulation

Episode 220: GDPR and the Typhoid Marys of the Internet GDPR has finally arrived, Maury Shenk reminds us, bringing both expected and unexpected consequences. Among the expected: New Schrems lawsuits for more money from the same old defendants; and the wasting away of the cybersecurity resource that is WHOIS, as German courts ride to the rescue… Continue Reading

The Cyberlaw Podcast – News Roundup

Posted in China, International, Privacy Regulation, Security Programs & Policies

Episode 218: The Mugshots.com Case: California Crazy Meets European Crazy In this episode, Markham Erickson highlights the Mugshots.com prosecution. The site had a loathsome business model, publishing mugshots for free and charging hundreds of bucks to people who wanted the record of their arrests taken down. Now the owners are being prosecuted in a case… Continue Reading

The Final Countdown – The EU General Data Protection Regulation

Posted in Data Breach, European Union, Privacy Regulation

The EU General Data Protection Regulation (GDPR) comes into force on May 25, 2018. The GDPR makes many important changes to European Union (EU) data protection law, but it is not a complete departure from existing principles. Many of the concepts with which organizations are familiar will continue to apply under the GDPR. Thus, the… Continue Reading

The Cyberlaw Podcast – Interview with Nicholas Schmidle

Posted in Cybersecurity and Cyberwar, Privacy Regulation, Security Programs & Policies

Episode 215:  The Zelig of Hacking Back Our interview is with Nick Schmidle, staff writer for the New Yorker. His report on cybersecurity work that goes to the edge of the law and beyond turns up some previously unreported material, including the tale of Shawn Carpenter, a cybersecurity researcher with a talent for showing up… Continue Reading

The Cyberlaw Podcast — News Roundup

Posted in China, Cybersecurity and Cyberwar, Privacy Regulation, Russia

214: Dumbest privacy issue of the decade? This episode features a new technology-and-privacy flap. The police finally catch a sadistic serial killer, and the press can’t stop whining about DNA privacy. I argue that DNA privacy is in the running for Dumbest Privacy Issue of the Decade. Because privacy is all about making sure the police can’t… Continue Reading

The Cyberlaw Podcast — News Roundup

Posted in Cybersecurity and Cyberwar, European Union, Privacy Regulation

Episode 213: RSA in 5 minutes In a news-only episode, we get a cook’s tour of the RSA conference from attendees Paul Rosenzweig, Jim Lewis, and Stewart Baker. Short version: Top trends we saw at RSA: more nations attacking cybersecurity firms over attribution, more companies defending themselves outside their own networks (aka hackback), and growing (if still… Continue Reading

The Cyberlaw Podcast – Interview with David Sanger

Posted in Cybersecurity and Cyberwar, International, Privacy Regulation

Episode 210: Keeper: Loser, Weeper In the news roundup, Nick Weaver, Ben Wittes, and I talk about the mild reheating of the encryption debate, sparked not just by renewed FBI pleading but by the collapse of the left-lib claim that building in access is impossible because math. The National Academy report on encryption access has demonstrated… Continue Reading

The Cyberlaw Podcast – Interview with Pete Chronis

Posted in China, Privacy Regulation, Virtual Currency

Episode 208: Washington’s one-minute hate for Silicon Valley All of Washington is mad at Silicon Valley these days, as our news roundup reveals. Dems and the media have moved on from blaming Hillary Clinton’s loss on Vladimir Putin; now they’re blaming Facebook and Cambridge Analytica. Gus Hurwitz and I have doubts about the claims of… Continue Reading

The Cyberlaw Podcast – Interview with Glenn Gerstell

Posted in Privacy Regulation, Security Programs & Policies

Episode 203: Interview with Glenn Gerstell This episode consists of Jamil Jaffer and I interviewing Glenn Gerstell, the General Counsel of the National Security Agency. Glenn explains what it was like on the inside of the effort to reauthorize section 702 of FISA. Jamil and I ask him whether the FISA court has the authority to deal… Continue Reading

GDPR: Belgium sets up new Data Protection Authority

Posted in Data Breach, European Union, International, Privacy Regulation

On 10 January, the Belgian Gazette published the Law of 3 December 2017 “setting up the authority for data protection” (the Law). The Law is the first legal text in Belgium applying various provisions of the EU’s General Data Protection Regulation (GDPR). Under the GDPR, EEA Member States must provide for one or more independent… Continue Reading

EU Court Denies Class Action for Data Protection in Schrems vs. Facebook Ireland Ltd – A Short-Lived Respite Until GDPR?

Posted in European Union, International, Privacy Regulation

In its judgment of January 26, the European Court interpreted EU rules on jurisdiction in a dispute referred from the Austrian Supreme Court between a ‘consumer’ – Maximilian Schrems – and Facebook Ireland Limited. The Court would not accept the consumer’s choice of forum for a class-action type proceeding and held that, when interpreting EU… Continue Reading

European Commission Keeps Up Pressure On GDPR

Posted in Data Breach, European Union, International, Privacy Regulation

The EU General Data Protection Regulation (GDPR) will apply to businesses operating in the EU from 25 May 2018 – in 100 days’ time. Senior Commissioners Ansip (Digital Single Market) and Jourová (Justice) yesterday announced guidelines and other materials to “facilitate a direct and smooth application of the new data protection rules across the EU [and beyond]… Continue Reading

The Cyberlaw Podcast — Interview with Mara Hvistendahl

Posted in China, European Union, International, Privacy Regulation

Episode 197:  Interview with Mara Hvistendahl While the US was transfixed by posturing over the Trump presidency, China has been building the future. Chances are you’ll find one part of that future – social credit scoring – both appalling in principle and irresistible in practice. That at least is the lesson I draw from our interview… Continue Reading

The Cyberlaw Podcast — Interview with Elsa Kania

Posted in China, Cybersecurity and Cyberwar, Privacy Regulation, Security Programs & Policies

Episode 196: Did AlphaGo launch an arms race with China? In this episode, I interview Elsa Kania, author of a Center for a New American Security report on China’s plan for military uses of artificial intelligence – a plan that seems to have been accelerated by the asymmetric impact of AlphaGo on the other side… Continue Reading

The Cyberlaw Podcast – Interview with United States Representative Tom Graves

Posted in Cybersecurity and Cyberwar, Data Breach, Privacy Regulation, Security Programs & Policies

Episode 189: Hack Back in Black: Interviewing United States Representative Tom Graves about the ACDC act. Today’s bonus episode is an interview with Rep. Graves, co-sponsor of the Active Cyber Defense Certainty (ACDC) Act, which allows those whose networks are under persistent attack to leave their network to conduct investigative action. Rep. Graves offers a… Continue Reading

The Cyberlaw Podcast – Interview with Chris Painter

Posted in European Union, Privacy Regulation

Episode 188: Putting the “F” in FISA: Bipartisan Extremism and the Road to 1997 In this episode, Brian Egan and I deconstruct the endlessly proliferating “FISA 702 Reform” bills, from the irresponsible House Judiciary bill to the “I’ll see your irresponsible and raise you crazy” bipartisan extremist bill beloved of Sens. Wyden and Paul (and talk… Continue Reading