Privacy Regulation

Subscribe to Privacy Regulation

With the U.S. and Europe united in opposing Russia’s attack on Ukraine, a few tough transatlantic disputes are being swept away – or at least under the rug. Most prominently, the data protection crisis touched off by Schrems 2 has been resolved in principle by a new framework agreement between the U.S. and the

The Biden administration’s effort to counter ransomware may not be especially creative, but it is comprehensive. The administration is pushing all the standard buttons on the interagency dashboard, including the usual high-level task force and a $10 million reward program (but not including hackback authority for victims, despite headlines suggesting otherwise. And all the

Our interview in this episode is with Michael Daniel, formerly the top cybersecurity adviser in the Obama NSC and currently the CEO of the Cyber Threat Alliance.  Michael lays out CTA’s mission. Along the way he also offers advice to the Biden cyber team – drawing in part on the wisdom of Henry

Our interview is with Bruce Schneier, who has coauthored a paper about how to push security back up the Internet-of-things supply chain: The reverse cascade: Enforcing security on the global IoT supply chain.  His solution is hard on IOT affordability and hard on big retailers and other middlemen, who will face new

On March 11, California Attorney General (AG) Xavier Becerra released a third version of draft regulations implementing the California Consumer Privacy Act (CCPA). The third draft contains relatively minor changes from the second draft, which was released in February, suggesting that the AG is  close to finalizing the regulations, and that enforcement is likely to begin on schedule on July 1, 2020.

Continue Reading California Attorney General Releases Third Draft of CCPA Regulations

This is a bonus episode of the Cyberlaw Podcast – a freestanding interview of Noah Phillips, a Commissioner of the Federal Trade Commission. The topic of the interview is whether privacy and antitrust analysis should be merged, especially in the context of Silicon Valley and its social media platforms. Commissioner Phillips, who has devoted considerable attention to the privacy side of the FTC’s jurisdiction, recently delivered a speech on the topic and telegraphed his doubts in the title: “Should We Block This Merger? Some Thoughts on Converging Antitrust and Privacy.” Subject to the usual Cyberlaw Podcast injunction that he speaks only for himself and not his institution or relatives, Commissioner Phillips lays out the very real connections between personal data and industry dominance as well as the complexities that come from trying to use antitrust to solve privacy problems. Among the complexities: the key to more competition among social media giants could well be more sharing between companies of the personal data that fuels their network effects, and corporate sharing of personal data is what privacy advocates have spent a decade crusading against. It’s a wide-ranging interview, touching on, among other things, whether antitrust can be used to solve Silicon Valley’s censorship problem (he’s skeptical) and what he thinks of suggestions in Europe that perhaps the Schrems problem can be solved by declaring that post-CCPA California meets EU data privacy standards. Commissioner Phillips is bemused; I conclude that this is just Europe seeking revenge for President Trump’s Brexit support by promoting “Calexit.”

Continue Reading Episode 303: Another merger the FTC should block

The California Consumer Privacy Act (CCPA) has been in effect only since January 1, but it has already been cited in a lawsuit, apparently for the first time. On February 3, plaintiffs filed a class action complaint in the US District Court for the Northern District of California against retailer Hanna Andersson, LLC and Salesforce.com,

In this news-only episode, Nick Weaver and I muse over the outing of a GRU colonel for the nerve agent killings in the United Kingdom. I ask the question that is surely being debated inside MI6 today: Now that he’s been identified, should British intelligence make it their business to execute Col. Chepiga?

Continue Reading Episode 233: Outing the GRU