Header graphic for print
Steptoe Cyberblog

Category Archives: Privacy Regulation

Subscribe to Privacy Regulation RSS Feed

The Final Countdown – The EU General Data Protection Regulation

Posted in Data Breach, European Union, Privacy Regulation

The EU General Data Protection Regulation (GDPR) comes into force on May 25, 2018. The GDPR makes many important changes to European Union (EU) data protection law, but it is not a complete departure from existing principles. Many of the concepts with which organizations are familiar will continue to apply under the GDPR. Thus, the… Continue Reading

The Cyberlaw Podcast – Interview with Nicholas Schmidle

Posted in Cybersecurity and Cyberwar, Privacy Regulation, Security Programs & Policies

Episode 215:  The Zelig of Hacking Back Our interview is with Nick Schmidle, staff writer for the New Yorker. His report on cybersecurity work that goes to the edge of the law and beyond turns up some previously unreported material, including the tale of Shawn Carpenter, a cybersecurity researcher with a talent for showing up… Continue Reading

The Cyberlaw Podcast — News Roundup

Posted in China, Cybersecurity and Cyberwar, Privacy Regulation, Russia

214: Dumbest privacy issue of the decade? This episode features a new technology-and-privacy flap. The police finally catch a sadistic serial killer, and the press can’t stop whining about DNA privacy. I argue that DNA privacy is in the running for Dumbest Privacy Issue of the Decade. Because privacy is all about making sure the police can’t… Continue Reading

The Cyberlaw Podcast — News Roundup

Posted in Cybersecurity and Cyberwar, European Union, Privacy Regulation

Episode 213: RSA in 5 minutes In a news-only episode, we get a cook’s tour of the RSA conference from attendees Paul Rosenzweig, Jim Lewis, and Stewart Baker. Short version: Top trends we saw at RSA: more nations attacking cybersecurity firms over attribution, more companies defending themselves outside their own networks (aka hackback), and growing (if still… Continue Reading

The Cyberlaw Podcast – Interview with David Sanger

Posted in Cybersecurity and Cyberwar, International, Privacy Regulation

Episode 210: Keeper: Loser, Weeper In the news roundup, Nick Weaver, Ben Wittes, and I talk about the mild reheating of the encryption debate, sparked not just by renewed FBI pleading but by the collapse of the left-lib claim that building in access is impossible because math. The National Academy report on encryption access has demonstrated… Continue Reading

The Cyberlaw Podcast – Interview with Pete Chronis

Posted in China, Privacy Regulation, Virtual Currency

Episode 208: Washington’s one-minute hate for Silicon Valley All of Washington is mad at Silicon Valley these days, as our news roundup reveals. Dems and the media have moved on from blaming Hillary Clinton’s loss on Vladimir Putin; now they’re blaming Facebook and Cambridge Analytica. Gus Hurwitz and I have doubts about the claims of… Continue Reading

The Cyberlaw Podcast – Interview with Glenn Gerstell

Posted in Privacy Regulation, Security Programs & Policies

Episode 203: Interview with Glenn Gerstell This episode consists of Jamil Jaffer and I interviewing Glenn Gerstell, the General Counsel of the National Security Agency. Glenn explains what it was like on the inside of the effort to reauthorize section 702 of FISA. Jamil and I ask him whether the FISA court has the authority to deal… Continue Reading

GDPR: Belgium sets up new Data Protection Authority

Posted in Data Breach, European Union, International, Privacy Regulation

On 10 January, the Belgian Gazette published the Law of 3 December 2017 “setting up the authority for data protection” (the Law). The Law is the first legal text in Belgium applying various provisions of the EU’s General Data Protection Regulation (GDPR). Under the GDPR, EEA Member States must provide for one or more independent… Continue Reading

EU Court Denies Class Action for Data Protection in Schrems vs. Facebook Ireland Ltd – A Short-Lived Respite Until GDPR?

Posted in European Union, International, Privacy Regulation

In its judgment of January 26, the European Court interpreted EU rules on jurisdiction in a dispute referred from the Austrian Supreme Court between a ‘consumer’ – Maximilian Schrems – and Facebook Ireland Limited. The Court would not accept the consumer’s choice of forum for a class-action type proceeding and held that, when interpreting EU… Continue Reading

European Commission Keeps Up Pressure On GDPR

Posted in Data Breach, European Union, International, Privacy Regulation

The EU General Data Protection Regulation (GDPR) will apply to businesses operating in the EU from 25 May 2018 – in 100 days’ time. Senior Commissioners Ansip (Digital Single Market) and Jourová (Justice) yesterday announced guidelines and other materials to “facilitate a direct and smooth application of the new data protection rules across the EU [and beyond]… Continue Reading

The Cyberlaw Podcast — Interview with Mara Hvistendahl

Posted in China, European Union, International, Privacy Regulation

Episode 197:  Interview with Mara Hvistendahl While the US was transfixed by posturing over the Trump presidency, China has been building the future. Chances are you’ll find one part of that future – social credit scoring – both appalling in principle and irresistible in practice. That at least is the lesson I draw from our interview… Continue Reading

The Cyberlaw Podcast — Interview with Elsa Kania

Posted in China, Cybersecurity and Cyberwar, Privacy Regulation, Security Programs & Policies

Episode 196: Did AlphaGo launch an arms race with China? In this episode, I interview Elsa Kania, author of a Center for a New American Security report on China’s plan for military uses of artificial intelligence – a plan that seems to have been accelerated by the asymmetric impact of AlphaGo on the other side… Continue Reading

The Cyberlaw Podcast – Interview with United States Representative Tom Graves

Posted in Cybersecurity and Cyberwar, Data Breach, Privacy Regulation, Security Programs & Policies

Episode 189: Hack Back in Black: Interviewing United States Representative Tom Graves about the ACDC act. Today’s bonus episode is an interview with Rep. Graves, co-sponsor of the Active Cyber Defense Certainty (ACDC) Act, which allows those whose networks are under persistent attack to leave their network to conduct investigative action. Rep. Graves offers a… Continue Reading

The Cyberlaw Podcast – Interview with Chris Painter

Posted in European Union, Privacy Regulation

Episode 188: Putting the “F” in FISA: Bipartisan Extremism and the Road to 1997 In this episode, Brian Egan and I deconstruct the endlessly proliferating “FISA 702 Reform” bills, from the irresponsible House Judiciary bill to the “I’ll see your irresponsible and raise you crazy” bipartisan extremist bill beloved of Sens. Wyden and Paul (and talk… Continue Reading

The Cyberlaw Podcast – The Shane Roundup

Posted in Cybersecurity and Cyberwar, International, Privacy Regulation, Security Programs & Policies

Today’s news roundup features Shane Harris of the Wall Street Journal, Brian Egan, and Alan Cohn discussing stories that Shane wrote last week.  Out of the box, we work through the hall of mirrors that the Kaspersky hacking story has become. The Russian hacking story is biting more companies than just Kaspersky.  Turns out that… Continue Reading

The Cyberlaw Podcast – Bonus Episode

Posted in Cybersecurity and Cyberwar, Data Breach, Privacy Regulation

Episode 182: Attribution of Cyberattacks Episode 182 features a panel of experts on attribution of cyberattacks. I moderated the panel at the Georgia Tech 15th Annual Cyber Security Summit in Atlanta on September 27, 2017.  Panel members included Cristin Goodwin of Microsoft, Rob Knake of the Council on Foreign Relations, Hannah Kuchler of the Financial Times,… Continue Reading

Interview with Rebecca Richards and Elizabeth Goitein

Posted in Data Breach, International, Privacy Regulation

Episode 178: The Evil Dolphin Episode The Cyberlaw Podcast kicks off a series exploring section 702 – the half-US/half-foreign collection program that has proven effective against terrorists while also proving controversial with civil liberties groups.  With the program due to expire on December 31, we’ll examine the surveillance controversies spawned by the program. Today, we… Continue Reading

Steptoe Cyberlaw Podcast – News Roundup

Posted in Cybersecurity and Cyberwar, International, Privacy Regulation

172:  The Self-Referential Episode In this news-only episode, we cover the irresistible story of the week: Trump, Russia, and the Media.  It’s especially irresistible for us because we’ve had two of the protagonists on as guests.  I make the bold prediction that Shane Harris’s stories on Russia collusion and the Trump campaign will be seen as… Continue Reading

Steptoe Cyberlaw Podcast – Interview with David Sanger

Posted in China, Cybersecurity and Cyberwar, International, Privacy Regulation, Uncategorized

168: Globalizing Censorship Episode 168 features the Tinkers-to-Evers-to-Chance of global censorship, as Filipino contractors earning minimum wage delete posts in order to satisfy US tech companies who are trying to satisfy European governments.  In addition to Maury Shenk, our panel of interlocutors includes David Sanger, Chief Washington Correspondent for the New York Times, and Karen… Continue Reading