March 19, 2019

How Trump’s government shutdown is harming cyber and national security

It’s now 18 days since the U.S. government unceremoniously shut down because Congress couldn’t agree on a bill to fund a quarter of all federal departments — including paying their employees.

But federal workers are starting to feel the pinch after not getting paid for two weeks, and this will have a knock-on effect on U.S. national security. The longer the shutdown goes on, the greater the damage will be.

The “too long, didn’t read” version is that before Christmas, President Trump wanted $5 billion for a wall on the southern border with Mexico to fulfill a campaign promise. Despite the Republicans having a majority in both houses of Congress, they didn’t have the votes to pass the spending bill in the Senate, which would’ve kept the government going when existing funding expired at midnight on December 22. No vote was held, even after a successful vote in the House, and the government shut down. When the Democrats took the majority in the House last week following their midterm wins, they were ready to pass a funding bill — without the $5 billion (because they think it’s a gigantic waste of money) — and get the government going again. But Trump has said he won’t sign any bill that doesn’t have the border wall funding.

More than two weeks later, some 800,000 federal workers are still at home — yet, about half were told to stay and work without pay. Worse, there’s no guarantee that federal workers will get paid for the time the government was shut down unless lawmakers intervene.

Unless the Democrats get a veto-proof majority, the impasse looks set to continue.

A crew works replacing the old border fence along a section of the U.S.-Mexico border, as seen from Tijuana, in Baja California state, Mexico, on January 8, 2019. (Photo by GUILLERMO ARIAS/AFP/Getty Images)

Government shutdowns don’t happen very often — usually — or really at all outside the U.S., and yet this is the first time in four decades that the government has been closed three times in one year. That doesn’t mean cyber or national security threats conveniently stop. Granted, most of the government is functioning and ticking over. There are still boots on the ground, cops on the street, NSA analysts fighting hackers in cyberspace and criminals still facing justice.

But while most of the core government departments — State, Treasury, Justice and Defense — are still operational, others — like Homeland Security, which takes the bulk of the government’s cybersecurity responsibility — are suffering the most.

And the longer the shutdown goes on, the greater the chance of tighter budgets and of more staff being furloughed.

Here’s a breakdown:

Homeland Security’s new cybersecurity unit got off to a rough start: The newly established Cybersecurity and Infrastructure Security Agency, a division of Homeland Security, has only been operational since November 16, but more than half of its staff have been furloughed, according to Homeland Security. The division is designed to lead the national effort to defend critical national infrastructure from current, ongoing threats. By our count at the time of writing, the CISA has been shut down for one in 10 days of its two-month tenure.

Threat intelligence sharing will take a hit: A little-known program inside Homeland Security, known as Automated Indicator Sharing, has also sent home more than 80 percent of its staff, according to Duo Security. AIS allows private industry and government agencies to share threat intelligence, which is shared with Homeland Security’s government partners, to ensure that any detected attack can only ever be used once. The shutdown is going to heavily impact the data exchange program.

New NIST standards to face delays: More than 85 percent of National Institute of Standards and Technology employees have been sent home without pay, leaving just a handful of essential staff to keep NIST’s new advice and guidance work going. NIST is responsible for giving all government departments necessary and up-to-date security advice. It also means that FIPS testing, used to grant devices and new technologies security certifications to run on government networks, has completely stopped during the shutdown.

Underpaid TSA agents are now entirely unpaid: The TSA, found at every U.S. airport security screening area, is still working despite the shutdown. More than 90 percent of the TSA’s workforce of 60,078 employees will go unpaid — on top of already low pay, which has resulted in a high turnover rate. Despite Trump’s remarks to the contrary, several news agencies say TSA workers are calling out sick in droves. And that’s going to harm airport security. Many worry that the already low morale could put airline security at risk. One traveler/passenger at Minneapolis-Saint Paul International Airport tweeted this week: “I asked TSA agent if I should take out my laptop out of its case and she said, ‘I don’t care, I’m not getting paid’.”

Secret Service staff are working unpaid: And, whether you like them or not, keeping the president and senior lawmakers and politicians alive is a paramount national security concern, yet the vast majority of front-line and back office Secret Service agents currently protecting senior administration staff are going unpaid during the shutdown.

And that’s just some of the larger departments.

The shutdown isn’t only hampering short-term efforts, but could result in long-lasting damage.

“Cyber threats don’t operate on Washington’s political timetable, and they don’t stop because of a shutdown,” Lisa Monaco, former homeland security advisor to the president, told Axios on Wednesday. And security firm Duo said that trying to keep all of the cyber-plates spinning at once while not at full-strength is “risky,” especially given nobody knows how long the shutdown will last.

All this for a border wall that Trump says will prevent terrorists from pouring into the U.S.

Critics say that the cost-benefit of building the wall vis-à-vis the shutdown doesn’t add up. Experts say that there hasn’t been a single case of a known terrorist having crossed illegally into the U.S. from the Mexican border. In fact, since the September 11 attacks, more than three-quarters of all designated acts of terror were carried out by far-right extremists and not Islamic violent extremists, according to a government watchdog. The vast majority of those behind terrorist incidents were U.S. citizens or green card holders.

A border wall might keep some terrorists out, but it’s not going to stop the terrorists who are already in the U.S. Yet, right now it seems the White House wants the appearance of security rather than the security from a quarter of what the government already has at its disposal.

VC firms of Kevin Durant and Snoop Dogg back Dutchie, a new cannabis delivery service

Ross Lipson, the chief executive officer and co-founder of the on-demand marijuana and cannabis delivery service, Dutchie, had thought he was done with the online delivery business.

Instead, he’s launched a new delivery service that has just raised $3 million from Casa Verde Capital, the $45 million venture firm founded by hip hop impresario Snoop Dogg, and Kevin Durant’s Durant Company — among others — to take advantage of the growing demand for marijuana delivery.

It had been only five years since Lipson sold a food delivery business he spent a decade building when the inspiration for Dutchie came to him. And the idea was too compelling to shake.

Lipson was living in Bend, Ore., where he’d retired after selling his online food delivery business GrubCanada to JustEat, the European tech-enabled delivery giant, back in 2012.

Then, in 2015, after Oregon legalized recreational use of marijuana, Lipson began wondering if it wasn’t time to revisit the whole delivery space again.

For him, the conundrum for consumers looking to buy cannabis products was similar to the dilemma in-home diners faced when choosing what to eat. In the modern weed world (at least in places where marijuana is legal), consumers are so spoiled for choice they often go with a default option.

Before online delivery, ordering food meant turning to the neighborhood spot for everything from American to Ethiopian, Italian, Jamaican, Chinese, Indian, Thai, or Tibetan food. But with online delivery services, a whole city’s worth of restaurant options opened up to consumers (as long as they were in your delivery area).

The same, Lipson figured, was true of marijuana.

“We’re creating a tool that helps the user and consumer navigate the delivery space,” he said. “We’re educating the consumer to that buying experiences…. If you don’t have that online ordering tool in front of you you’re forced to choose a dispensary and take the information that that ‘budtender’ gives you, which is their personal preference.”

Right now, marijuana delivery is something of a land grab. In Los Angeles alone, services like Nugg, Ganjarunner, Kushfly, Eaze, HERB, Westside Organic, and Cannabis Express, all pitch delivery services for marijuana or cannabis infused products, oils and vapes to willing consumers.

Eaze, the biggest startup in the online delivery space, has raised at least $37 million to tackle the growing market for legal cannabis delivery since its launch in 2014.

Lipson, however, has seen this all before with food. He started Dutchie in 2017 (and yes, it is named after the song) from Bend and has been slowly and steadily growing the business. The company signed on 50 dispensaries in Oregon to help prove out the product and just raised $3 million in a seed round from Casa Verde Capital, The Durant Company, Sinai Ventures and other angel investors.

The company currently operates in Oregon, Washington, and Michigan and is launching in Colorado, Nevada and California this month. It currently works with 100 dispensaries and has seen $2.5 million in gross merchandise volume in its first year of operations alone.

To further boost its expansion efforts, the company also signed an agreement with Canopy Rivers (the newly spun off investment and operating arm of $10 billion Canadian cannabis company, Canopy Growth) to operate internationally in Canada. Asked why Lipson didn’t just try to float the business on the Toronto Stock Exchange to take advantage of the exuberance investors have for all things cannabis, the chief executive said he wanted to be more measured in his approach.

“There’s a lot of hype and speculation around the cannabis space especially in the public markets,” Lipson said. “It’s not a traditional way to go about a business of this size. We’re extremely excited and eager to partner with the investors that we did.”

With only 14 employees — many of whom work remotely — Lipson is hoping to roll out aggressively in the next few months across all states in which medical marijuana is legal, and into Canada as well.

“We’re priding ourselves on the concept of scalability,” says Lipson, who’s relying on his co-founder, and brother, Zach, to help him execute. “That’s the underlying mantra of our strategy.”

That mantra of scalability was apparently what attracted Casa Verde, which took only two months to decide to lead the investment round into Lipson’s new venture. “I started talking to them four months ago,” Lipson said. “A month or two into it, they did the deal and took the lead and we’ve just been filling out the round with strategics.”

Facebook really doesn’t want users to go to a fake Unite the Right counter-protest next week

According to COO Sheryl Sandberg, getting ahead of an event called “No Unite the Right 2, DC” is the reason behind Facebook’s decision to disclose new platform behavior that closely resembles previous Russian state-sponsored activity meant to sow political discord in the U.S.

“We’re sharing this today because the connection between these actors and the event planned in Washington next week,” Sandberg said, calling the disclosure “early” and noting that the company still does not have all the facts.

A Facebook Page called “Resisters” created the event, set to take place on August 10, as a protest against Unite the Right 2 — a follow-up event to last year’s deadly rally in Charlottesville, Va. that left peaceful counter-protester Heather Heyer dead.

The Page, which Facebook identified as displaying “coordinated inauthentic behavior,” also worked with the admins from five authentic Facebook Pages to co-host the event and arrange transportation and logistics. Facebook has notified those users of its findings and taken down the event page.

This isn’t the first event coordinated by fake Facebook accounts with the likely intention of further polarizing U.S. voters. In a call today, Facebook noted that the new inauthentic accounts it found had created around 30 events. While the dates for two have yet to pass, “the others have taken place over the past year or so.”

Facebook will not yet formally attribute its new findings to the Russian state-linked Internet Research Agency (IRA). Still, the Resisters Page hosting “No Unite the Right 2, DC” listed a previously identified IRA account as a co-admin for “only seven minutes.”

That link, and whatever else the public doesn’t know at this time, is enough for the Senate Intel committee vice chairman Mark Warner to credit the Russian government with what appears to be an ongoing campaign of political influence.

“Today’s disclosure is further evidence that the Kremlin continues to exploit platforms like Facebook to sow division and spread disinformation, and I am glad that Facebook is taking some steps to pinpoint and address this activity,” Warner said in a statement provided to TechCrunch. “I also expect Facebook, along with other platform companies, will continue to identify Russian troll activity and to work with Congress on updating our laws to better protect our democracy in the future.”

Facebook’s chief security officer, Alex Stamos, maintained that the company “doesn’t think it’s appropriate for Facebook to give public commentary on political motivations of nation states” and calls the IRA link “interesting but not determinant.”

The United States needs a Department of Cybersecurity

This week over 40,000 security professionals will attend RSA in San Francisco to see the latest cyber technologies on display and discuss key issues. No topic will be higher on the agenda than the Russian-sponsored hack of the American 2016 election, with debate about why the country has done so little to respond and what measures should be taken to deter future attempts at subverting our democracy.

For good reason. There is now clear evidence of Russian interference in the election with Special Counsel Mueller’s 37-page indictment of 13 Russians, yet the attack on US sovereignty and stability has gone largely unanswered. The $120 million set aside by Congress to address the Russian attacks remains unspent. We expelled Russian diplomats but only under international pressure after the poisoning of a former Russian spy and his daughter.

Recent sanctions are unlikely to change the behavior of the Putin administration. To put it bluntly, we have done nothing of substance to address our vulnerability to foreign cyberattacks. Meanwhile, our enemies gain in technological capability, sophistication and impact.

Along with the Russians, the Chinese, North Koreans, Iranians and newly derived nation states use cyber techniques on a daily basis to further their efforts to gain advantage on the geopolitical stage. It is a conscious decision by these governments that a proactive cyber program advances their goals while limiting the United States.

We were once dominant in this realm both technically and with our knowledge and skillsets. That playing field has been leveled and we sit idly by without the will or focus to try and regain the advantage. This is unacceptable, untenable and will ultimately lead to potentially dire consequences.

In March of this year, the US CyberCommand released a vision paper called “Achieve and Maintain Cyberspace Superiority.” It is a call to action to unleash the country’s cyber warriors to fight for our national security in concert with all other diplomatic and economic powers available to the United States.

It’s a start but a vision statement is not enough. Without a proper organizational structure, the United States will never achieve operational excellence in its cyber endeavors. Today we are organized to fail. Our capabilities are distributed across so many different parts of the government that they are overwhelmed with bureaucracy, inefficiency and dilution of talent.

The Department of Homeland Security is responsible for national protection including prevention, mitigation and recovery from cyber attacks. The FBI, under the umbrella of the Department of Justice, has lead responsibility for investigation and enforcement. The Department of Defense, including US CyberCommand, is in charge of national defense. In addition, each of the various military branches has its own cyber units. No one who wanted to win would organize a critical capability in such a distributed and dispersed manner.

How could our lawmakers know what policy to pass? How do we recruit and train the best of the best in an organization, when it might just be a rotation through a military branch? How can we instantly share knowledge that benefits all when these groups don’t even talk to one another? Our current approach does not and cannot work.

What is needed is a sixteenth branch of the Executive — a Department of Cybersecurity — that would assemble the country’s best talent and resources to operate under a single umbrella and a single coherent policy. By uniting our cyber efforts we would make the best use of limited resources and ensure seamless communications across all elements dealing in cyberspace. The department would act on behalf of the government and the private sector to protect against cyberthreats and, when needed, go on offense.

As with physical defense, sometimes that means diplomacy or sanctions, and sometimes it means executing missions to cripple an enemy’s cyber-operations. We have the technological capabilities, we have the talent, we know what to do, but unless all of this firepower is unified and aimed at the enemy we might as well have nothing.

When a Department of Cybersecurity is discussed in Washington, it is usually rejected because of the number of agencies and departments affected. This is code for loss of budget and personnel. We must rise above turf battles if we are to have a shot at waging an effective cyber war. There are some who have raised concerns about coordination on offensive actions but they can be addressed by a clear chain of command with the Defense Department to avoid the potential of a larger conflict.

We must also not be thrown by comparisons to the Department of Homeland Security and conclude a Cybersecurity department would face the same challenges. DHS was 22 different agencies thrust into one. A Department of Cybersecurity would be built around a common set of skills, people and know-how all working on a common issue and goal. Very different.

Strengthening our cyberdefense is as vital as having a powerful standing army to defend ourselves and our allies. Russia, China and others have invested in their cyberwar capabilities to exploit our systems almost at will.

Counterpunching those efforts requires our own national mandate executed with Cabinet level authority. If we don’t bestow this level of importance on the fight and set ourselves up to win, interference in US elections will not only be repeated … such acts will seem trivial in comparison to what could and is likely to happen.

EU uses Privacy Shield review to press for reform of U.S. foreign surveillance law

A one-year-old data transfer mechanism that’s used by thousands of companies to authorize transfers of personal data between the European Union and the U.S. for processing has been given the thumbs up after its first annual review.

“The Commission’s general view is that the American authorities are living up to their commitments and that the system works,” said Commissioner Vera Jourova today. “The US side have put in place the necessary structures and procedures to ensure the correct functioning of the Privacy Shield. Such as new redress possibilities for EU individuals and co-operation channels with European data protection authorities.”

But while the Commission said the implementation is, in its view, functioning well at this nascent stage it also wants to see improvements — and has made a number of recommendations.

These include more proactive and regular monitoring of US companies’ compliance with their obligations under Privacy Shield; raising awareness for EU users that a complaint pathway is open to them if they have concerns about how a US company is handling their personal data; and closer co-operation between U.S. and EU authorities to enforce privacy, such as by developing guidance for companies and enforcers.

The Commission said it will work with U.S. authorities to follow-up on its recommendations in “the coming months”, as well as continuing to “closely monitor” the functioning of the data transfer framework, including the U.S. authorities’ “compliance with their commitments”.

Its review report is also being sent to the EU parliament, Council and Article 29 Working Party so additional responses from other EU institutions are likely in the coming months.

Pushing for FISA Section 702 reform

Jourova also confirmed the EC is actively lobbying U.S. politicians engaged in the debate around reforming Section 702 of the Foreign Surveillance Intelligence Act (FISA). So while US intelligence agencies are pressing hard for the controversial portion of the law which allows the US government to intercept the communications of foreign intelligence targets to be made permanent, EU officials are pushing in the polar opposite direction.

Their lobbying position is strengthened by the fact that some 2,400 companies have now signed up to the EU-US Privacy Shield program — including tech giants such as Google, Facebook and Microsoft. The EC has the power to suspend the mechanism at any time if it feels it’s no longer providing adequate privacy protection for EU citizens’ data.

Jourova said today that the EC is hearing two lines in Washington regarding renewal of FISA 702:  One view being that Congress will reauthorize the current version of the law; and the other being that, as she put it, “there is a space for improvement in our interests — that the protection of non-American citizens could be added”.

Should the latter come to pass Jourova said it “would be very good news” for Privacy Shield, noting that the data transfer mechanism currently relies “for a very large extent” on a Presidential Policy Directive, signed by the Obama administration in 2014 (PPD-28), which imposes a number of limits on signal intelligence operations.

Having privacy provisions for foreigners’ data included in FISA would offer “much stronger protection” and be a “much more sustainable solution”, she continued, adding: “Yesterday I spoke to several Congressmen and Congresswomen… We are lobbying for improvements in this Act but we have to wait until the end of the year.”

That said, in a fact sheet relating to the review of Privacy Shield, the EC asks but does not comprehensively answer the question: “How many access requests from surveillance authorities were received by companies under the Privacy Shield?” — instead it just pulls out a few figures disclosed by Privacy Shield-certified companies that already publish transparency reports, claiming they are ‘illustrative’ of the fact that “as a percentage of total user accounts” the number of accounts affected by requests for government access to personal data “remains limited”. (A more pertinent question might be what proportion of the access requests directly involve EU citizens’ data?)

So it very much remains to be seen how red the EU’s line will be if US intelligence agencies get their way and knock back any sympathetic reform of FISA’s Section 702.

Safe Harbor -> Privacy Shield

The EU-US Privacy Shield is the replacement for the Safe Harbor arrangement which was struck down by Europe’s top court two years ago after a legal challenge by a privacy campaigner successfully argued that data protections were not adequately equivalent under the arrangement on account of U.S. government mass surveillance programs (which had been revealed by the Snowden disclosures to be harvesting EU citizens’ personal data via the NSA’s Prism program).

Safe Harbor had stood for 15 years, and EU and US officials scrambled to negotiate a new agreement to try to restore legal certainty for businesses that rely on being able to process users’ personal data in the US. The result was the EU-US Privacy Shield, which launched for sign-ups in August last year.

More companies have signed up to the scheme in its first year than signed up to Safe Harbor in its first 10 years of operation, Jourova said today.

However the new data transfer mechanism has drawn criticism from the start, such as for lacking adequate privacy safeguards, and for the complexity of complaint processes it provides EU citizens seeking redress from a US company.

Ongoing concerns have also been voiced by the bloc’s influential data protection chiefs. And both it and alternative mechanisms for authorizing personal data transfers out of the region are facing legal challenges within the EU.

Jourova said that an extant challenge against so-called standard contractual clauses (SCCs) — which are used by the likes of Facebook (and many other companies) to transfer personal data between their EU and US businesses, and which earlier this month the Irish High Court said it would refer to Europe’s top court for a preliminary ruling — is relevant to Privacy Shield because it could also have implications for the latter’s future viability (i.e. if the ECJ decides SCCs do not in fact offer adequate protection for citizens’ data).

Although she once again expressed confidence in Privacy Shield’s legal robustness, saying it had been negotiated with knowledge of the earlier Safe Harbor ruling. “This court challenge will be the first one, probably when I consider the timing, which will declare something new on the functioning of Privacy Shield,” she said of the referral of the challenge to SCCs to the ECJ. “It has relevance for Privacy Shield.

“We have… tailored Privacy Shield on the basis of the very clear criteria set by the European Court of Justice in the Schrems [Safe Harbor] case. And that’s why I believe in continuity. I believe in the new court rulings which will consider Privacy Shield in all its parameters and will fairly assess whether it brought the necessary protection of EU people’s private data or not. And I am confident that Privacy Shield will withstand such court scrutiny.”

Unlike the prior arrangement, Privacy Shield bakes in regular (annual) reviews of the mechanism to ensure it is functioning as intended. And it’s the results of the first review that the EC has announced today.

Trust vs the Trump administration

Despite professed confidence in Privacy Shield from the EC, the mechanism has looked especially precariously placed since Donald Trump took office. The U.S. president’s decision in January to use an executive order to strip privacy rights from non-Americans under the US Privacy Act was seized upon by critics of the Privacy Shield. (Although the European Commission said the mechanism does not rely on that law for the adequacy protections necessary for it to continue to stand; rather it’s leaning on the aforementioned PPD-28).

Jourova said today that the inaugural review of Privacy Shield was especially important because of the change in US administration. Though she also had praise for US commerce secretary Wilbur Ross (but managed to make positive political noises without once mentioning president Trump by name).

“I had a very good working relationship and a very high level of trust with the people negotiating Privacy Shield under Mr Obama’s administration,” she said, discussing the difference of approaches of the two administrations to Privacy Shield. “I wondered whether we can continue based on this spirit of trust and after the second visit in Washington and after the second meeting with Wilbur Ross I can say that I tend to trust. I am positive about the approach of the American administration.

“I can say that my second visit dispelled my doubts whether ‘America first’ doesn’t mean ‘American only’. Which would be bad news for the EU.”

“Of course there is still some difference between the US and the EU — how we understand the conflict of the two priorities: Being more secure, being more protected from the privacy point of view. What I can say is after we tested and scrutinized the situation in the United States the privacy and the protection of privacy is very high on American soil,” she added. “Of course there is an emphasis on security but this is for us to balance it properly in the Privacy Shield — that both priorities, and from our point of view especially the priority of protection of data, is strongly enhanced and promoted.”

She did raise the Trump administration’s ongoing failure to appoint a permanent privacy ombudsperson, as required by Privacy Shield, as a key cause of concern in Europe. Asked by TechCrunch last month — after her visit to Washington — why the U.S. government has yet to nominate a permanent ombudsperson, Jourova said it was something she had asked and “stressed” in importance during the Privacy Shield review.

She was asked about this again today, and told journalists that the EC wants the post filled permanently “as soon as possible” — but also that it “didn’t want to give any deadline”. So, for whatever reason, the EC is avoiding the risk of pressing its demands too hard at this early stage of working with the Trump administration.

“I already was clear in Spring with my partners in the US that we want to have the fully fledged ombudsperson in place soon,” she added. “We were asked to be patient because, with the big change in the administration, it will take more time. But I made it very clear that now we expect them to act very quickly. But no concrete deadline.”

She was also asked about the fact the U.S. Privacy & Civil Liberties Oversight Board currently has just one standing member — out of what should be a total of five.

“We were promised that the situation will be improved soon but the procedure is rather lengthy,” she said on this. “So we, again, as in the case of ombudsperson, we didn’t give any deadline — but we make quite clear via the report that we expect the solution as soon as possible.”

Complaints and compliance

Discussing another EC recommendation, focused on the issue of complaints being made under Privacy Shield and the need to raise awareness among citizens that they are able to complain, Jourova said “practically no” complaints have been received by US companies from EU citizens, via the provided route. However she suggested this could be a result of a lack of awareness that a complaint pathway exists.

“We should not be complacent,” she said. “It might mean that people lack information. This is also the task for us — the European Commission — to inform the citizens about the possibility to get better redress and first of all to have their complaint dealt with properly.”

She said the EC also wants the US to engage in “a more proactive” and regular search for false claims by companies that they are signed up to the Privacy Shield scheme; and wants better ongoing monitoring of compliance by private US authorities.

“The Privacy Shield is placed in a challenging triangle for each regulator. It aims at striking the right balance between data privacy, security and business interest,” she said in her introductory remarks, describing Privacy Shield as both a “continuous work” and “a trust building exercise”.

“I’ve always said that the Privacy Shield was not a document lying in a drawer never checked. Both the US and the Commission will actively monitor it and the annual review is a key moment in that process.”

The EU’s influential WP29 group that’s comprised of the heads of member states’ data protection authorities is working on its own analysis of the operation of Privacy Shield — having sent its own representatives to Washington as part of the EU review delegation (as well as firing off some warning shots ahead of time).

A spokeswoman told us the group is expected to release an official statement on Privacy Shield at its next plenary meeting — likely by the end of November or beginning of December.
