At a glance.
- More on the EU’s Digital Services Act.
- Bipartisan bill would require quantum-resistant encryption for US federal agencies.
- Comparing the PIPL to the GDPR.
- White House considers limiting DoD’s powers over cyberoperations.
More on the EU’s Digital Services Act.
As we noted yesterday, the European Parliament this weekend passed the Digital Services Act (DSA), legislation aimed at providing a more transparent and secure online environment for EU citizens. Among the act’s numerous measures is a law, prompted by the war in Ukraine, that gives authorities the power to impose a state of emergency on social media sites, search engines, and online marketplaces in times of crisis.
Henna Virkkunen, a Finnish member of European Parliament from the European People's Party, stated, “It was agreed that when a crisis occurs, such as a public security or health threat, the Commission may require very large platforms to limit any urgent threats on its platforms.” As Wired explains, the law is especially geared toward online platforms with more than 45 million EU users – in other words, tech giants like Facebook, TikTok, and Amazon. It’s also notable that, while in the past the EU’s only tech regulator resided in Ireland, where most big tech headquarters are located, the DSA will be enforced by the European Commission, giving all twenty-seven of the EU’s member states greater say when it comes to digital regulation. European official Thierry Breton explains, “Any national authority will be able to request that illegal content be removed, regardless of where the platform is established in Europe.”
Bipartisan bill would require quantum-resistant encryption for US federal agencies.
Three members of the US House have introduced the Quantum Computing Cybersecurity Preparedness Act, a bipartisan bill calling for the federal government to incorporate quantum-resistant algorithms and encryption tools into the computer networks of federal agencies. Executive Gov reports that the measure would require the Office of Management and Budget to help the Chief Information Officers Council in creating a plan for agencies to implement cryptography techniques to better secure their systems against cyberthreats. Co-sponsored by Representatives Ro Khanna, Gerry Connolly, and Nancy Mace, the measure is supported by tech companies like IBM, Google, and Quantinuum.
Comparing the PIPL to the GDPR.
The experts at Cooley continue their breakdown of how China's Personal Information Protection Law (PIPL) and the European Union’s General Data Protection Regulation (GDPR) set restrictions on the transfer of personal data across borders. One major takeaway is that the best way to ensure that data importers properly process any received personal daa is to impose contractual obligations including an audit right for data exporters. Cooley also includes a handy chart comparing and contrasting the GDPR’s data requirements, consent rules, and impact assessment provisions against those of the PIPL.
White House considers limiting DoD’s powers over cyberoperations.
As the war in Ukraine rages on, the Biden administration is considering a proposal to remove the Department of Defense’s (DoD) power to conduct offensive cyberoperations, instead implementing a centralized approval process from the White House. Historically, in times of military conflict the DoD is given authority to conduct military operations. As cyberoperations did not previously fall under this umbrella, in 2012 the Obama administration established Presidential Policy Directive 20, which implemented a centralized interagency review process to approve offensive cyberoperations. The directive gave other government organizations the power to veto such cyberoperations, creating what some considered a “too many cooks” scenario that impeded approval and resulted in little actual action.
The Trump administration changed all that with National Security Presidential Memorandum 13, which gave the DoD the authority to skip the lengthy approval process in order to expedite “time-sensitive” offensive cyberoperations. As well, the 2019 National Defense Authorization Act delegated authorities to the Pentagon to conduct “military activity and operations in cyberspace.” Now, the Wall Street Journal reports, as the Biden administration considers removing the DoD’s authority and reinstating an approval process, some experts argue that the DoD should maintain the power to conduct cyberoperations in times of crisis, and that the White House should instead preemptively set clear guidelines limiting what the DoD can and cannot do with that power.