Header graphic for print
Steptoe Cyberblog

Tag Archives: Personal Data

European Data Protection Board Adopts Draft Guidelines on Territorial Scope of General Data Protection Regulation (GDPR)

Posted in Data Breach, European Union, International, Security Programs & Policies

The European Data Protection Board (EDPB) is an independent advisory body, established by the GDPR, that issues guidelines, recommendations, and best practices for the application of the GDPR. At its Third Plenary on September 26, the EDPB adopted new draft guidelines on the GDPR’s territorial scope. These guidelines should help provide a common interpretation of… Continue Reading

Episode 231: Ah, September, when Europe unleashes a summer’s worth of crazy

Posted in European Union, International, Privacy Regulation

  Our interview this week is with Hon. Michael Chertoff, my former boss at Homeland Security and newly minted author of Exploding Data: Reclaiming Our Cyber Security in the Digital Age. The conversation – and the book – is wide ranging and shows how much his views on privacy, data, and government have evolved in… Continue Reading

The Cyberlaw Podcast – News Roundup

Posted in China, International, Privacy Regulation, Security Programs & Policies

Episode 218: The Mugshots.com Case: California Crazy Meets European Crazy In this episode, Markham Erickson highlights the Mugshots.com prosecution. The site had a loathsome business model, publishing mugshots for free and charging hundreds of bucks to people who wanted the record of their arrests taken down. Now the owners are being prosecuted in a case… Continue Reading

The Final Countdown – The EU General Data Protection Regulation

Posted in Data Breach, European Union, Privacy Regulation

The EU General Data Protection Regulation (GDPR) comes into force on May 25, 2018. The GDPR makes many important changes to European Union (EU) data protection law, but it is not a complete departure from existing principles. Many of the concepts with which organizations are familiar will continue to apply under the GDPR. Thus, the… Continue Reading

The Cyberlaw Podcast – Interview with David Sanger

Posted in Cybersecurity and Cyberwar, International, Privacy Regulation

Episode 210: Keeper: Loser, Weeper In the news roundup, Nick Weaver, Ben Wittes, and I talk about the mild reheating of the encryption debate, sparked not just by renewed FBI pleading but by the collapse of the left-lib claim that building in access is impossible because math. The National Academy report on encryption access has demonstrated… Continue Reading

The Cyberlaw Podcast — News Roundup

Posted in Blockchain, Cybersecurity and Cyberwar, International, Security Programs & Policies

Episode 205: Scandularity Today’s news roundup begins with Maury Shenk and Brian Egan offering their views about the Supreme Court oral argument in the Microsoft Ireland case. We highlight some of the questions that may tip the Justices’ hand. Brian and I dig into the Dems’ reply memo on the Carter Page FISA application. I’m mostly unshocked… Continue Reading

GDPR: Belgium sets up new Data Protection Authority

Posted in Data Breach, European Union, International, Privacy Regulation

On 10 January, the Belgian Gazette published the Law of 3 December 2017 “setting up the authority for data protection” (the Law). The Law is the first legal text in Belgium applying various provisions of the EU’s General Data Protection Regulation (GDPR). Under the GDPR, EEA Member States must provide for one or more independent… Continue Reading

EU Court Denies Class Action for Data Protection in Schrems vs. Facebook Ireland Ltd – A Short-Lived Respite Until GDPR?

Posted in European Union, International, Privacy Regulation

In its judgment of January 26, the European Court interpreted EU rules on jurisdiction in a dispute referred from the Austrian Supreme Court between a ‘consumer’ – Maximilian Schrems – and Facebook Ireland Limited. The Court would not accept the consumer’s choice of forum for a class-action type proceeding and held that, when interpreting EU… Continue Reading

European Commission Keeps Up Pressure On GDPR

Posted in Data Breach, European Union, International, Privacy Regulation

The EU General Data Protection Regulation (GDPR) will apply to businesses operating in the EU from 25 May 2018 – in 100 days’ time. Senior Commissioners Ansip (Digital Single Market) and Jourová (Justice) yesterday announced guidelines and other materials to “facilitate a direct and smooth application of the new data protection rules across the EU [and beyond]… Continue Reading

The Cyberlaw Podcast — Interview with Mara Hvistendahl

Posted in China, European Union, International, Privacy Regulation

Episode 197:  Interview with Mara Hvistendahl While the US was transfixed by posturing over the Trump presidency, China has been building the future. Chances are you’ll find one part of that future – social credit scoring – both appalling in principle and irresistible in practice. That at least is the lesson I draw from our interview… Continue Reading

Steptoe Cyberlaw Podcast — News Roundup with Julian Sanchez and Gus Hurwitz

Posted in Cybersecurity and Cyberwar, International, Privacy Regulation

Episode 160: News Roundup with Julian Sanchez and Gus Hurwitz This week the podcast features an extended news roundup with two guest commentators – Julian Sanchez of the Cato Institute and Gus Hurwitz of Nebraska Law School. We talk about the latest, mostly overhyped, Shadowbrokers dump, and whether Google Translate can be taught to render… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Joshua Corman and Justine Bone

Posted in Privacy Regulation, Security Programs & Policies

Episode 157 digs into the security of the medical internet of things.  Which, we discover, could be described more often than we’d like as an internet of things that want to kill us.  Joshua Corman of the Atlantic Council and Justine Bone, CEO of MedSec, talk about the culture clash that has made medical cybersecurity… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Curtis Dukes and Tony Sager

Posted in Cybersecurity and Cyberwar, Data Breach, Security Programs & Policies

Episode 154:  What cybersecurity experts tell their Moms about computer security In this week’s episode, we ask two acknowledged NSA cybersecurity experts, Curtis Dukes and Tony Sager, both from the Center for Internet Security, what they tell their family members about how to keep their computers, phones, and doorbells safe from hackers. Joining us for… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Matt Tait

Posted in China, Cybersecurity and Cyberwar, International, Privacy Regulation, Security Programs & Policies

Episode 153:  Fancy Bear, Cozy Bear, and … Sneaky Bear? In this episode, Matt Tait, aka @PwnAllTheThings, takes us on a tour of Russia’s cyberoperations.  Ever wonder why there are three big Russian intel agencies but only two that have nicknames in cybersecurity research?  Matt has the answer to this and all your other Russian… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Corin Stone

Posted in Cybersecurity and Cyberwar, International, Privacy Regulation

Our guest for episode 148 of the podcast is Corin Stone, the Executive Director of the National Security Agency.  Corin handles some tough questions – should the new team dump PPD-28, how is morale at the agency after the Snowden and Shadowbroker leaks, and will fully separating Cyber Command from NSA mean new turf fights? … Continue Reading

Steptoe Cyberlaw Podcast – Interview with Jack Goldsmith

Posted in Cybersecurity and Cyberwar, International, Privacy Regulation

147: Introducing the Herman Kahn of Cyberspace Our guest interview is with Jack Goldsmith, Shattuck Professor of Law at Harvard and co-founder of Lawfare.  We explore his contrarian view of how to deal with Russian hacking, which leads to me praising (or defaming, take your pick) him as a Herman Kahn for cyberconflict.  Except what’s unthinkable… Continue Reading

Steptoe Cyberlaw Podcast – Interview with John Markoff

Posted in Cybersecurity and Cyberwar, Data Breach

The Autonomous Weapon Who Went to the Beach Episode 140 features long-time New York Times reporter, John Markoff, on the past and future of artificial intelligence and its ideological converse – the effort to make machines that augment rather than replace human beings.  Our conversation covers everything from robots, autonomous weapons, and Siri to hippie… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Jonathan Zittrain

Posted in Cybersecurity and Cyberwar, Security Programs & Policies

Jonathan Zittrain, who holds a surfeit of titles at Harvard, is our guest for episode 136.  Among other topics, we explore the implications of routine doxing of political adversaries.  Along the way I extract kind words from Jonathan for Sarah Palin and welcome him to the club of those who think mass doxxers are evil punks. … Continue Reading

Steptoe Cyberlaw Podcast – Interview with Robert Silvers

Posted in Blockchain, Cybersecurity and Cyberwar, International, Security Programs & Policies

Our guest for the episode is Rob Silvers, the assistant secretary for cybersecurity policy at DHS.  He talks about what the government can and should do about newly potent DDOS attacks and the related problem of the Internet of Things.  The only good news: insecure debrillators and pacemakers may kill you, but they haven’t yet been… Continue Reading

Data Portability under EU GDPR: A Financial Services Perspective

Posted in International, Privacy Regulation

Philip Woolfson and I wrote an article for PL&B International about data portability, a new requirement of data protection law which will be introduced when the European Union General Data Protection Regulation (GDPR) applies on May 25, 2018.  Under this new regulation, data subjects have acquired a right to data portability (RDP). This article looks… Continue Reading

An EU General Data Protection Guide for the Insurance and Financial Services Sector

Posted in International, Privacy Regulation

To help prepare for the application of the European regulation on the protection of individuals with regard to the processing of personal data and on the free movement (the EU General Data Protection Regulation or GDPR), which will enter into force on May 25, 2018, Guy Soussan, Philip Woolfson, and I authored a commentary on the GDPR… Continue Reading