At a glance.
- UK telecommunications security act receives Royal assent.
- Amazon lobbyists and consumer data privacy regulation.
- Privacy bill advances in Pakistan.
- Comment on the US Federal Reserve's disclosure rule.
UK passes law to exclude Huawei from 5G infrastructure.
The Register reports that the UK’s Telecommunications (Security) Act has been given Royal Assent, allowing Her Majesty’s Government control over the UK’s communication networks’ use of telecommunication companies considered to be high-risk. The fact that this law is directed at controversial Chinese telecom Huawei is no secret; the official public statement on the matter was titled "Government enshrines in law power to strip out Huawei."
Due to security concerns, officials decided last year to ban Huawei from the integral elements of the UK telecommunications infrastructure, declaring that the hardware must be removed from mobile networks by 2027. The Evening Standard adds that companies found in violation of the law can be fined up to £100k per day. “This is a major step forward in protecting our internet traffic and the millions of calls we make every day,” Julia Lopez, minister for media, data and digital infrastructure, said. “We can now manage our networks confidently and deliver the revolutionary benefits of 5G and full-fibre broadband to people and businesses.”
Amazon corporate affairs lobbies against data privacy laws.
Reuters investigates how recent lobbying efforts at Amazon have thwarted privacy laws in dozens of bills, seemingly to help the company continue to collect lucrative user data without restraint. Amazon employees shared confidential internal documents revealing that in twenty-five states, the company impacted privacy legislation by making large political donations and pushing for amendments to weaken proposed privacy laws. The mastermind said to be behind the operations, Jay Carney, was a former communications director for Joe Biden during his time as VP and served as press secretary for President Barack Obama. When he was hired by Amazon in 2015, he developed a corporate affairs department that combined public policy and public relations experts, and during his tenure the team has expanded from twenty-four to two-hundred-fifty.
Pakistan drafts data privacy bill.
Pakistan’s Ministry of Information Technology and Telecommunication has completed the final draft of the Personal Data Protection Bill, 2021, Brecorder reports. The new data privacy law seeks to define data processors’ responsibilities and data subjects’ rights, as well as regulate the activities related to personal data collection, storage, processing, and usage. The bill also addresses consent, stating that a data controller can’t process personal data unless the data subject has given permission, and separate consent must be obtained for each purpose. In the case of a data breach, organizations must notify authorities as soon as reasonably possible, not to exceed seventy-two hours of discovery. Those found in violation of the new law could be fined up to Rs25 million. The bill now awaits vetting from the Law Ministry.
Comment on the Federal Reserve's new disclosure rule.
After last week's announcement by the US Federal Reserve System's Board of Governors that regulated financial services organizations would have a thirty-six-hour window within which to report "computer incidents" with the potential to have a "material impact," Ian McShane, field CTO at Arctic Wolf wrote about the motivation for regulations mandating quick disclosure:
"This mandate is another example of the federal government flexing its influence to bring more transparency into how major (and critical) industries like banking respond to cybersecurity incidents.
"As regulated as this industry is already, it’s common sense to enforce rapid reporting on material cybersecurity incidents because of the significant impact they can have on markets and consumers. This also points to the need for industry as a whole to continue investing in better security operations to detect and contain threats before they can have a negative impact. A rising tide lifts all ships, as they say, and the regulatory pressure on banks will force the finance sector, and its IT related supply chain, to continually improve its security posture and bring more urgency and transparency into how they navigate and respond to the threat landscape."