Header graphic for print
Steptoe Cyberblog

Tag Archives: Personal Data

GDPR: Belgium sets up new Data Protection Authority

Posted in Data Breach, European Union, International, Privacy Regulation

On 10 January, the Belgian Gazette published the Law of 3 December 2017 “setting up the authority for data protection” (the Law). The Law is the first legal text in Belgium applying various provisions of the EU’s General Data Protection Regulation (GDPR). Under the GDPR, EEA Member States must provide for one or more independent… Continue Reading

EU Court Denies Class Action for Data Protection in Schrems vs. Facebook Ireland Ltd – A Short-Lived Respite Until GDPR?

Posted in European Union, International, Privacy Regulation

In its judgment of January 26, the European Court interpreted EU rules on jurisdiction in a dispute referred from the Austrian Supreme Court between a ‘consumer’ – Maximilian Schrems – and Facebook Ireland Limited. The Court would not accept the consumer’s choice of forum for a class-action type proceeding and held that, when interpreting EU… Continue Reading

European Commission Keeps Up Pressure On GDPR

Posted in Data Breach, European Union, International, Privacy Regulation

The EU General Data Protection Regulation (GDPR) will apply to businesses operating in the EU from 25 May 2018 – in 100 days’ time. Senior Commissioners Ansip (Digital Single Market) and Jourová (Justice) yesterday announced guidelines and other materials to “facilitate a direct and smooth application of the new data protection rules across the EU [and beyond]… Continue Reading

The Cyberlaw Podcast — Interview with Mara Hvistendahl

Posted in China, European Union, International, Privacy Regulation

Episode 197:  Interview with Mara Hvistendahl While the US was transfixed by posturing over the Trump presidency, China has been building the future. Chances are you’ll find one part of that future – social credit scoring – both appalling in principle and irresistible in practice. That at least is the lesson I draw from our interview… Continue Reading

Steptoe Cyberlaw Podcast — News Roundup with Julian Sanchez and Gus Hurwitz

Posted in Cybersecurity and Cyberwar, International, Privacy Regulation

Episode 160: News Roundup with Julian Sanchez and Gus Hurwitz This week the podcast features an extended news roundup with two guest commentators – Julian Sanchez of the Cato Institute and Gus Hurwitz of Nebraska Law School. We talk about the latest, mostly overhyped, Shadowbrokers dump, and whether Google Translate can be taught to render… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Joshua Corman and Justine Bone

Posted in Privacy Regulation, Security Programs & Policies

Episode 157 digs into the security of the medical internet of things.  Which, we discover, could be described more often than we’d like as an internet of things that want to kill us.  Joshua Corman of the Atlantic Council and Justine Bone, CEO of MedSec, talk about the culture clash that has made medical cybersecurity… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Curtis Dukes and Tony Sager

Posted in Cybersecurity and Cyberwar, Data Breach, Security Programs & Policies

Episode 154:  What cybersecurity experts tell their Moms about computer security In this week’s episode, we ask two acknowledged NSA cybersecurity experts, Curtis Dukes and Tony Sager, both from the Center for Internet Security, what they tell their family members about how to keep their computers, phones, and doorbells safe from hackers. Joining us for… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Matt Tait

Posted in China, Cybersecurity and Cyberwar, International, Privacy Regulation, Security Programs & Policies

Episode 153:  Fancy Bear, Cozy Bear, and … Sneaky Bear? In this episode, Matt Tait, aka @PwnAllTheThings, takes us on a tour of Russia’s cyberoperations.  Ever wonder why there are three big Russian intel agencies but only two that have nicknames in cybersecurity research?  Matt has the answer to this and all your other Russian… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Corin Stone

Posted in Cybersecurity and Cyberwar, International, Privacy Regulation

Our guest for episode 148 of the podcast is Corin Stone, the Executive Director of the National Security Agency.  Corin handles some tough questions – should the new team dump PPD-28, how is morale at the agency after the Snowden and Shadowbroker leaks, and will fully separating Cyber Command from NSA mean new turf fights? … Continue Reading

Steptoe Cyberlaw Podcast – Interview with Jack Goldsmith

Posted in Cybersecurity and Cyberwar, International, Privacy Regulation

147: Introducing the Herman Kahn of Cyberspace Our guest interview is with Jack Goldsmith, Shattuck Professor of Law at Harvard and co-founder of Lawfare.  We explore his contrarian view of how to deal with Russian hacking, which leads to me praising (or defaming, take your pick) him as a Herman Kahn for cyberconflict.  Except what’s unthinkable… Continue Reading

Steptoe Cyberlaw Podcast – Interview with John Markoff

Posted in Cybersecurity and Cyberwar, Data Breach

The Autonomous Weapon Who Went to the Beach Episode 140 features long-time New York Times reporter, John Markoff, on the past and future of artificial intelligence and its ideological converse – the effort to make machines that augment rather than replace human beings.  Our conversation covers everything from robots, autonomous weapons, and Siri to hippie… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Jonathan Zittrain

Posted in Cybersecurity and Cyberwar, Security Programs & Policies

Jonathan Zittrain, who holds a surfeit of titles at Harvard, is our guest for episode 136.  Among other topics, we explore the implications of routine doxing of political adversaries.  Along the way I extract kind words from Jonathan for Sarah Palin and welcome him to the club of those who think mass doxxers are evil punks. … Continue Reading

Steptoe Cyberlaw Podcast – Interview with Robert Silvers

Posted in Blockchain, Cybersecurity and Cyberwar, International, Security Programs & Policies

Our guest for the episode is Rob Silvers, the assistant secretary for cybersecurity policy at DHS.  He talks about what the government can and should do about newly potent DDOS attacks and the related problem of the Internet of Things.  The only good news: insecure debrillators and pacemakers may kill you, but they haven’t yet been… Continue Reading

Data Portability under EU GDPR: A Financial Services Perspective

Posted in International, Privacy Regulation

Philip Woolfson and I wrote an article for PL&B International about data portability, a new requirement of data protection law which will be introduced when the European Union General Data Protection Regulation (GDPR) applies on May 25, 2018.  Under this new regulation, data subjects have acquired a right to data portability (RDP). This article looks… Continue Reading

An EU General Data Protection Guide for the Insurance and Financial Services Sector

Posted in International, Privacy Regulation

To help prepare for the application of the European regulation on the protection of individuals with regard to the processing of personal data and on the free movement (the EU General Data Protection Regulation or GDPR), which will enter into force on May 25, 2018, Guy Soussan, Philip Woolfson, and I authored a commentary on the GDPR… Continue Reading

Steptoe Cyberlaw Podcast – The Grugq

Posted in Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

(Groucho) Marxism and Red Lines in Cyberspace In episode 133, our guest is The Grugq, famous in hacker circles but less so among Washington policymakers.  We talk about the arrest of an NSA employee for taking malware and other classified materials home, the Shadow Broker leak of Equation Group tools, and the Grugq’s view that… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Ellen Nakashima

Posted in Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

In episode 132, our threepeat guest is Ellen Nakashima, star cyber reporter for the Washington Post.  Markham Erickson and I talk to her about Vladimir Putin’s endless appetite for identifying ‒ and crossing ‒ American red lines, the costs and benefits of separating NSA from Cyber Command, and the chances of a pardon for Edward… Continue Reading

Steptoe Cyberlaw Podcast – News Round-Up

Posted in Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies, Uncategorized

In a law-heavy news roundup, Katie Cassel and I talk about New York’s dangerously prescriptive cybersecurity regs for banks and insurers. Maury Shenk and I uncover the seamy industrial politics behind the EU’s latest copyright and telecom proposals.  The Sixth Circuit deepens a circuit split over standing and how much injury it takes to support… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Ed Hammersla and Brian White

Posted in Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

Episode 126 – The podcast goes to the conventions If Vladimir Putin can do it, so can we. This week the podcast dives deep into the US presidential campaign. I of course talk with Maury Shenk about evidence that the Russians are behind “Guccifer 2.0” and the DNC data leak – aided by a Wikileaks… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Jeremy and Ariel Rabkin

Posted in Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

In the news roundup, Michael Vatis covers Microsoft’s surprising Second Circuit victory over the Justice Department in litigation over a warrant for data stored in Ireland.  The hidden issue in that case was data localization – the same issue driving the Justice Department’s new legislative proposal to allow foreign nations to obtain information from US… Continue Reading

Steptoe Cyberlaw Podcast – News Round-Up

Posted in Cybersecurity and Cyberwar, International, Privacy Regulation, Security Programs & Policies

This week’s news roundup is dominated by the Ninth Circuit and the European Union. The EU parliament has approved the Privacy Shield that replaces the Safe Harbor. Michael Vatis, Alan Cohn and I ask whether companies should seek protection under what may prove to be a pretty leaky Shield. And the EU has approved cybersecurity… Continue Reading

Steptoe Cyberlaw Podcast – News Round-Up

Posted in China, Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

Edward Snowden criticizes Russia’s mass surveillance law, and a Russian official retaliates by outing him ‒ as a Russian intelligence source.  Silent Circle, the phone company that built its marketing on fear and loathing of the NSA, is nearing bankruptcy. And members of the dominant European Parliament faction are asking the Commission, “Hey! How come… Continue Reading