At a glance.
- Secret Service launches Cyber Investigations Advisory Board.
- APPI continues its approach to GDPR.
- Schrems II begins to have effect as Facebook is warned by Ireland's Data Protection Commission.
- ByteDance seeks a reprieve from US sanctions.
US Secret Service announces launch of its Cyber Investigations Advisory Board.
Yesterday the US Secret Service launched its Cyber Investigations Advisory Board (CIAB), a move anticipated by announcements this past January. It's a public-private partnership. The Secret Service describes the CIAB as follows: "The 16-member CIAB is comprised of senior executives and experts from industry, government, and academia. The goal of the CIAB is simple: to provide outside strategic direction to the Secret Service’s investigative mission. This includes helping the Secret Service identify the latest trends in cybercrime, technology, law and policy, and to provide expert guidance as the Secret Service looks to modernize their training, partnerships, and investigative priorities." The full composition of the board wasn't available, but VMware Carbon Black says that Tom Kellerman, its Head of Cybersecurity Strategy, will be one of those serving on the CIAB.
Japan's data protection law grows closer to GDPR.
The 2005 Protection of Personal Information (APPI) Act in Japan has moved closer to the EU's GDPR in the requirements the APPI imposes on the handling and use of personal information, according to the Daily Swig. Recently announced changes cover both data breach reporting and the use of facial recognition data gathered security cameras and other devices. The changes are relatively minor, but they do render reporting and disclosure requirements more stringent. Data breaches must now be reported on an official form, not, as before, by freeform mail or fax. And the processing techniques and ultimate purpose of facial images must now be stated clearly and immediately. Japan is regarded as having the most extensive privacy protections in Asia, and is the only country in the region to have exchanged joint adequacy findings with the European Union, a legal agreement that testifies to the laws' rough equivalence.
Schrems II begins to have effect.
Ireland’s Data Protection Commission, the EU’s one-stop GDPR shop for many American companies, has told Facebook to stop transferring data about its European users to the US, the Wall Street Journal reports. It represents the beginning of an enforcement action under Schrems II, a July ruling by the European Court of Justice that invalidated the Privacy Shield arrangement that had previously governed data transfer between the EU and the US. The relevant portion of that ruling reads, "Supervisory authorities are required to suspend or prohibit a transfer of personal data to a third country where they take the view, in the light of all the circumstances of that transfer, that the standard data protection clauses are not or cannot be complied with in that country and that the protection of the data transferred that is required by EU law cannot be ensured by other means,” It's widely expected that only substantial revision of US privacy regulations in a strongly European direction would enable the reestablishment of a trans-Atlantic data modus vivendi.
ByteDance seeks a via tertia through US sanctions.
The Washington Post says that ByteDance, TikTok’s corporate parent, is in discussions with the US Government to determine if US security concerns can be allayed by anything short of the sale of much of the social platform to American companies. It’s unclear what alternative arrangements might satisfy the US Government, but ByteDance’s general line appears to be that banning TikTok will have unintended, unexpected, and undesirable consequences. One of those alleged consequences seems to be, surprisingly, and counter to general impressions, that TikTokers tend to skew conservative, and that a ban would leave the social media field open to progressives. Much reporting of that particular move tends to regard that claim with a degree of skepticism. In any case, ByteDance has until September 20th to either sell off significant pieces of TikTok or face the ban promised in the August 6th Executive Order.