Header graphic for print
Steptoe Cyberblog

Category Archives: Privacy Regulation

Subscribe to Privacy Regulation RSS Feed

The Fight Over CCPA Heats Up

Posted in Privacy Regulation

We recently published a client alert on the California Consumer Privacy Act. From the alert: When California lawmakers hastily enacted the California Consumer Privacy Act (CCPA) in June 2018, few expected the law — voted on after only a few days’ deliberation — to remain unamended. And, indeed, the law was first amended just a few… Continue Reading

Episode 262: Udderly indefensible facial recognition scandal may drive new privacy mooovement

Posted in China, International, Privacy Regulation

  Have the Chinese hired American lawyers to vet their cyberespionage tactics – or just someone who cares about opsec? Probably the latter, and if you’re wondering why China would suddenly care about opsec, look no further than Supermicro’s announcement that it will be leaving China after a Bloomberg story claiming that the company’s supply… Continue Reading

Episode 257: How we know the North Korean Embassy break-in wasn’t the work of the CIA

Posted in Data Breach, International, Privacy Regulation

  In today’s News Roundup, Klon Kitchen adds to the North Korean Embassy invasion by an unknown group. Turns out some of the participants fled to the US and lawyered up, but the real tipoff about attribution is that they’ve given some of the data they stole to the FBI. That rules out CIA involvement… Continue Reading

Episode 250: We give you Weaver

Posted in China, European Union, International, Privacy Regulation, Security Programs & Policies

  If you get SMS messages on your phone and think you have two-factor authentication, you’re kidding yourself. That’s the message Nick Weaver and David Kris extract from two stories we cover in this week’s episode of The Cyberlaw Podcast – DOJ’s indictment of a couple of kids whose hacker chops are modest but whose… Continue Reading

Episode 248: Tomayto, Tomahto: Right to be Forgotten Meets Right to Die

Posted in China, European Union, International, Privacy Regulation, Russia

  If the surgeon about to operate on you has been disciplined for neglecting patients, wouldn’t you like to know? Well, the mandarins of the European Union privacy lobby beg to differ. Google has been told by a Dutch court not to index that story, and there seems to have been a six-month lag in… Continue Reading

Episode 242: Nobody Trolls Like the Russians

Posted in China, European Union, International, Privacy Regulation, Russia

  This episode features an interview with Michael Tiffany, the co-founder and president of White Ops and a deep student of how to curtail adtech fraud. Michael explains the adtech business, how fraudsters take advantage of its structure, and what a coalition of law enforcement and tech companies did to wreck one of the most… Continue Reading

Episode 237: I’d Like to Teach the World to Troll, in Perfect Harmony!

Posted in China, Data Breach, European Union, International, Privacy Regulation, Russia

  The theme of this week’s podcast seems to be the remarkable reach of American soft power: Really, we elect Donald Trump, and suddenly everybody’s trolling. The Justice Department criminally charges a Russian troll factory’s accountant, and before David Kris can finish explaining it, she’s on YouTube, trolling the prosecutors with a housewife schtick. She’s… Continue Reading

Episode 231: Ah, September, when Europe unleashes a summer’s worth of crazy

Posted in European Union, International, Privacy Regulation

  Our interview this week is with Hon. Michael Chertoff, my former boss at Homeland Security and newly minted author of Exploding Data: Reclaiming Our Cyber Security in the Digital Age. The conversation – and the book – is wide ranging and shows how much his views on privacy, data, and government have evolved in… Continue Reading

Episode 230: Click Here to Kill Everybody

Posted in International, Privacy Regulation, Security Programs & Policies

  We are fully back from our August hiatus, and leading off a series of great interviews, I talk with Bruce Schneier about his new book, Click Here to Kill Everybody: Security and Survival in a Hyper-Connected World. Bruce is an internationally renowned technologist, privacy and security commentator, and someone I respect a lot more… Continue Reading

Bonus: Interview with Bruce Schneier (2015)

Posted in Cybersecurity and Cyberwar, Privacy Regulation, Security Programs & Policies

  We’re still on hiatus, but we’re back again this week with another bonus episode. Our next season will feature an interview with Bruce Schneier, cryptography, computer science, and privacy guru, about his latest book, Click Here to Kill Everybody: Security and Survival in a Hyper-connected World. So it only seems appropriate to revisit my… Continue Reading

Episode 228: Best idea yet for derailing the Kavanaugh nomination

Posted in CFIUS, China, Cybersecurity and Cyberwar, European Union, Privacy Regulation, Security Programs & Policies

Our guest for the interview is Noah Phillips, recently appointed FTC Commissioner and former colleague of Stewart Baker at Steptoe. Noah fields questions about the European Union, privacy, and LabMD, about whether Silicon Valley suppression of conservative speech should be a competition law issue, about how foreign governments’ abuse of merger approvals can be disciplined,… Continue Reading

Episode 224 with Duncan Hollis: Do we need an international “potluck” cyber coalition?

Posted in China, Data Breach, International, Privacy Regulation

I interview Duncan Hollis, another Steptoe alumnus patrolling the intersection of international law and cybersecurity. With Matt Waxman, Duncan has written an essay on why the US should make the Proliferation Security Initiative a model for international rulemaking for cybersecurity. Since “coalition of the willing” was already taken, we settle on “potluck policy” as shorthand… Continue Reading

The Cyberlaw Podcast — Interview with Megan Stifel

Posted in China, European Union, International, Privacy Regulation, Russia

Episode 222: In which I get to play that guy in line for the movie with Woody Allen Our interview is with Megan Stifel, whose paper for Public Knowledge offers a new way of thinking about cybersecurity measures, drawing by analogy on the relative success of sustainability initiatives in spurring environmental consciousness. She holds up… Continue Reading

Belgium Publishes Draft Law Implementing GDPR

Posted in International, Privacy Regulation

On June 12, Belgium’s Parliament published a draft law on the “protection of natural persons with regard to processing of personal data.” The draft – comprising 280 Articles – has three objectives: Legislate so-called “open clauses” of the General Data Protection Regulation, i. e. those clauses in the Regulation where EU Member States are free to… Continue Reading

The Cyberlaw Podcast – News Roundup

Posted in Cybersecurity and Cyberwar, European Union, International, Privacy Regulation

Episode 220: GDPR and the Typhoid Marys of the Internet GDPR has finally arrived, Maury Shenk reminds us, bringing both expected and unexpected consequences. Among the expected: New Schrems lawsuits for more money from the same old defendants; and the wasting away of the cybersecurity resource that is WHOIS, as German courts ride to the rescue… Continue Reading

The Cyberlaw Podcast – News Roundup

Posted in China, International, Privacy Regulation, Security Programs & Policies

Episode 218: The Mugshots.com Case: California Crazy Meets European Crazy In this episode, Markham Erickson highlights the Mugshots.com prosecution. The site had a loathsome business model, publishing mugshots for free and charging hundreds of bucks to people who wanted the record of their arrests taken down. Now the owners are being prosecuted in a case… Continue Reading

The Final Countdown – The EU General Data Protection Regulation

Posted in Data Breach, European Union, Privacy Regulation

The EU General Data Protection Regulation (GDPR) comes into force on May 25, 2018. The GDPR makes many important changes to European Union (EU) data protection law, but it is not a complete departure from existing principles. Many of the concepts with which organizations are familiar will continue to apply under the GDPR. Thus, the… Continue Reading

The Cyberlaw Podcast – Interview with Nicholas Schmidle

Posted in Cybersecurity and Cyberwar, Privacy Regulation, Security Programs & Policies

Episode 215:  The Zelig of Hacking Back Our interview is with Nick Schmidle, staff writer for the New Yorker. His report on cybersecurity work that goes to the edge of the law and beyond turns up some previously unreported material, including the tale of Shawn Carpenter, a cybersecurity researcher with a talent for showing up… Continue Reading

The Cyberlaw Podcast — News Roundup

Posted in China, Cybersecurity and Cyberwar, Privacy Regulation, Russia

214: Dumbest privacy issue of the decade? This episode features a new technology-and-privacy flap. The police finally catch a sadistic serial killer, and the press can’t stop whining about DNA privacy. I argue that DNA privacy is in the running for Dumbest Privacy Issue of the Decade. Because privacy is all about making sure the police can’t… Continue Reading