Thursday, December 24, 2015

Friday, December 11, 2015

Commission adapts notification procedures following State aid modernisation package

The European Commission has adopted a new state aid Implementing Regulation. In the context of the State Aid Modernisation (SAM) initiative, State aid guidelines and frameworks have been modified. The Commission has therefore updated certain procedural rules set out in the Implementation Regulation in order to align notifications of planned state aid measures submitted by Member States with the new rules. The new Implementing Regulation contains revised notification forms and information sheets to be completed by Member States. It allows the Commission to collect all the necessary information for conducting a sound assessment. 

The new Implementing Regulation also provides further guidance to Member States on how to comply with transparency requirements introduced by SAM. In particular, it includes which information Member States should publish about aid measures above a certain threshold. This will improve the transparency of public funding, reduce uncertainties and enable companies to check aid granted to competitors. The full text of the new regulation will be published on the DG Competition website today. It will then be published in the EU Official Journal and enter into force 20 days after its publication there. 

read full article at Europa 

Mergers: Commission continues investigation of Hutchison 3G /Telefónica UK merger without referral to UK

Commission does not refer investigation of Hutchison/Telefónica UK merger to UK

The European Commission has decided not to refer the planned acquisition of Telefónica UKby Hutchison to the UK competition authority. The Commission concluded that it was better placed to ensure consistency in the application of merger control rules in the mobile telecommunications sector across the European Economic Area (EEA).

On 11 September 2015, Hutchison 3G UK notified its plans to acquire sole control of Telefónica UK to the Commission.

On 2 October 2015, the UK competition authority submitted a request under Article 9(2) (a) of the EU Merger Regulation. This provision allows a Member State to request the Commission to refer all or part of the assessment of a case to it, provided that the competitive effects are purely national.

In deciding whether to refer a case upon such a request, the Commission particularly takes into account which authority is better placed to deal with the case at hand. In the case of Hutchison 3G UK/Telefónica UK, the Commission concluded that, given its extensive experience in assessing cases in this sector, it was better placed to deal with the transaction and ensure consistency in the application of merger control rules in the mobile telecommunications sectors across the EEA.

read full article at Europa 


First-Ever Breach Notification Law Passed in the EU

The European Union agreed Monday to its first cybersecurity law, dubbed the Network and Information Security Directive, which mandates certain companies, like those operating critical infrastructure or financial services, along with Internet companies such as Amazon and Google, to report large-scale security incidents, Reuters reports. "The Internet knows no border—a problem in one country can have a knock-on effect in the rest of Europe,” said the European Commission’s Digital Chief, Andrus Ansip. “This is why we need EU-wide cybersecurity solutions.


This agreement is an important step in this direction,” he added. “Member states will have to cooperate more on cybersecurity, which is even more important in light of the current security situation in Europe,” said European Parliament's Rapporteur Andreas Schwab.


read full article at IAPP

EU counter-terror bill is 'indiscriminate' data sweep

Legislators are rushing through a counter-terrorism bill described by the EU's top data protection chief as one of the largest indiscriminate collections of personal data in the history of the European Union.

MEPs on Thursday (10 December) are set to rubber stamp the EU's passenger name record (PNR) bill following intense pressure from French authorities in the aftermath of the Charlie Hebdo killings earlier this year and the Paris attacks in November.

Giovanni Buttarelli, the European data protection supervisor, remains highly critical.
"The establishment of a new large-scale database will require years and an unbelievable about of money,” he told this website on Wednesday (9 December).

"[PNR] is the first large-scale and indiscriminate collection of personal data in the history of the European Union.”

The bill, described by French interior minister Bernard Cazeneuve as "indispensable in the fight against terrorism,” will add to the ever-expanding list of counter-terrorism measures in Europe.

By Nikolaj Nielsen 
read full article at EUobserver 


The European Union's case of doublethink: New cybersecurity rules and backdoor dreams

EU lawmakers have agreed to enforce a set of cybersecurity rules across the bloc which demand that critical service providers can no longer brush data breaches under the carpet -- but contrary beliefs when it comes to backdoors and weakened cryptography threaten to completely negate all efforts.

Businesses operating in the European bloc that deliver essential services, such as transport control or electricity grid management, will soon be expected to invest in security solutions which will make corporate networks robust enough to withstand cyberattacks -- if that is ever possible, of course -- due to a fresh set of regulations laid down by members of the European Union. 

By Charlie Osborne 
read full article at ZDNet 

Employee Error Leading Cause of Data Breaches, New Survey Says

A company’s cybersecurity is only as strong as its weakest link.

“Employee error” turns out to be the most common reason for a data breach at companies, according to a new cybersecurity report released Wednesday by the Association of Corporate Counsel. This means the breach occurred as the result of a mistake the employee made, such as accidentally sending an email with sensitive information to someone outside the company. 

By  Nicole Hong  
read full article at WSJ 

Isabelle Falque-Pierrotin: We are not asking for a Safe Harbour number 2

The United States must answer the real concerns of EU judges about European citizens' data within the US, when it is accessed by the American intelligence services, says Isabelle Falque-Pierrotin.

Isabelle Falque-Pierrotin is head of the French data protection authority CNIL and current chair of the Article 29 Working Party, the group of privacy watchdogs from EU member states.

After the European Court of Justice ruled the Safe Harbour data sharing agreement between the EU and the US invalid in October, the group called on the Commission to strike a deal with the US on a new data transfer agreement by the end of January 2016.

Falque-Pierrotin was interviewed by Catherine Stupp. 


read full article at EurActive  

Tuesday, December 8, 2015

With No European Safe Harbor, Facebook Faces Privacy Complaints On Multiple Fronts

Facebook’s least favorite Austrian, lawyer and privacy campaigner, Max Schrems, has updated his data protection complaints against the social network giant in the light of the recent EJC strikedown of the Safe Harbor transatlantic data-sharing agreement.

Schrems has now filed an updated complaint against Facebook with the Irish data protection authority — where his original complaint was filed back in June 2013. The substance of the complaint relates to European Facebook users’ data being pulled into NSA mass surveillance programs once it has been exported to the U.S. — and thereby, Schrems contends, undermining fundamental European data protection rights.

by Natasha Lomas 
read full article at Techcrunch 

EU lawmakers, countries agree on bloc's first cyber-security law

EU lawmakers and member states struck a deal on the bloc's first cyber-security law on Monday that will require Internet firms such as Google and Amazon to report serious breaches or face sanctions.

The deal, following five hours of negotiations between the European Parliament and EU governments, was reached in response to increasing worries about cyber attacks resulting in security and privacy breaches. 


by Julia Fioretti 
read full article at Reuters 

Thursday, December 3, 2015

Telecoms giant BT in £15m data deal with government

Telecoms giant BT is set to provide data centre services to the Department of Finance and Personnel under a £15m contract.

The facilities will house IT services for both the Northern Ireland Civil Service and the wider public sector.

BT will manage the two centres' operations, while the public sector will continue to manage the IT systems within them.

read full article at Belfast Telegraph 


Orange reaffirms it has no plans for Telecom Italia tie-up

French telecoms group Orange reaffirmed on Wednesday that it has no plans for a tie-up with Telecom Italia and that it has not begun any discussions with the Italian telecoms operator. 

"Contrary to certain rumours in the press and other speculation, Orange affirms that it has not started discussions with Telecom Italia and that there is no plan for a tie-up," an Orange spokesman said in an emailed statement.

Two sources with direct knowledge of the matter told Reuters that Orange had hired investment banks Morgan Stanley and BNP Paribas to assess the merits of doing a deal with other network operators in Europe, including Telecom Italia.

read full article at ET Telecoms 

Orange denies Telecom Italia talks but reviews European market

Orange is not in talks with Telecom Italia (TI) but hired investment banks to advise on a European strategy, according to media reports.

Among the options are a potential tie-up with Telecom Italia, according to a Bloomberg report. However, the company later said no talks had actually taken place with the Italian incumbent. Likewise, TI’s CEO Marco Patuano denied discussions had occurred earlier this week.

“Orange’s financial and strategic management team is working with banks to finetune its view of the evolution of the telecoms sector in the context of a single market on a 5- to 10-year horizon,” an Orange spokesman told Reuters.

by Richard Handford 
read full article at Mobile World 

BT trying to 'remonopolise' UK telecoms sector, says Vodafone chief

The Vodafone chief has accused BT of trying to turn Britain’s telecoms sector back into a monopoly by forcing broadband on to its old network and giving consumers speeds that are slower than in southern Europe.

Vittorio Colao called for BT’s infrastructure division, Openreach, which operates the cable network, to be spun off into a separate company so UK consumers could get access to modern, fast fibre connections.

He said splitting off Openreach would stave off the biggest risk facing the industry in the UK and Europe – “remonopolisation” – which could turn back 30 years of increased competition and better service.

BT responded that Colao’s comments were “highly misleading” and that the UK was one of the world’s most competitive telecoms markets.

by Sean Farrell
read full article at The Guardian 


CCS’s yearly forecast sees telecoms mergers and rise of wearables

Next year could see radical new smartphone designs, a move by Google into European mobile services and the possible acquisition of broadcaster ITV by BT as it seeks to strengthen its television platform.

That is according to the latest predictions by analysts CCS Insight, whose annual forecasts for the technology, telecoms and media sectors are keenly watched by industry executives, and were published on Wednesday. 

CCS appears on relatively safe ground with a forecast that the European telecoms market could consolidate into six or seven major telecom providers by 2025, with companies including Deutsche Telekom, Orange, Vodafone, CK Hutchison, Altice and TeliaSonera expected to lead the deal making.

Regulators in Brussels have also flagged that cross-border mergers would be welcomed to strengthen regional businesses.

by Daniel Thomas 
read full article at Financial Times 

EU hopes for new ‘safe harbor’ deal with US by January

The United States and European Union will take stock December 17 on negotiations over data transfers across the Atlantic. The new agreement will replace the “safe harbor” pact struck down by a European court last month.

EU Justice Commissioner Věra Jourová told Austrian newspaper Wirtschaftsblatt that the replacement legislation to the safe harbor pact, which was struck down by the European Court of Justice, will be reviewed. The Commission aims to conclude negotiations in January 2016.

This agreement will be a “bridge” between the data protection authorities of the EU and the U.S, she said in the interview published on Monday.

Since the safe harbor decision, companies have been scrambling to find legal avenues to transfer data across the Atlantic. The safe harbor agreement was used by more than 4,000 companies, including Facebook, Adobe, and Weight Watchers.


By Ginger Hervey
read full article at Politico 


Deal close on EU passenger name records

Fear of easy transit for terrorists appears to have galvanized political leaders to finish legislation to track airline passengers within the European Union and abroad. 

The next round of three-way negotiations between European Parliament, Council and Commission starts Wednesday, with the final scheduled meeting on the 15th and a goal for a year-end pact. 

Some camps are far apart on a few key issues, including geographic scope and the length of data storage, but the Paris attacks apparently have made some politicians ready to deal. 

“[The socialist and liberal groups] are probably under more pressure and are more willing to discuss,” said Axel Voss, the shadow rapporteur for the center-right European People’s Party (EPP). “But deep in their hearts, they don’t like it.”

by Zoya Sheftalovich and David Meyer 
read full article at Politico


More of GDPR Comes Into Focus: Fines, DPOs and Breaches


With eight trilogue meetings in the books, the negotiators looking to reach a final draft of the EU’s General Data Protection Regulation by Christmas are in the home stretch. Yet again this week, Green MEP Jan Philipp Albrecht, Parliamentarian rapporteur for the GDPR, reported a goal of reaching an agreement before the end of the year. No party from the Commission or Council has indicated anything to the contrary. 

Rather, we are now seeing the release of compromise positions as lobbying from consumer and industry groups intensify. 

Most recently, Statewatch.org released two documents from the Luxembourg presidency, the first is a 186-page consolidated draft of the entire document in “preparation for trilogue,” which will continue with meetings December 10 and 15, the second is a targeted summary of proposed compromise positionsthat the Luxembourg presidency would like for the full Council to consider. 

The presidency asks that the Council’s Committee of Permanent Representatives (COREPER) consider the recommended compromise positions when it meets Dec. 2.

by Sam Pfeifle
read full article at IAPP


Freedom of the press is bad news for net neutrality

When the FCC adopted net neutrality rules earlier this year, Chairman Tom Wheeler assured skeptics that rules regulating broadband Internet service providers (ISPs) “do not regulate Internet content.” 

This theory rests on a seriously flawed (though all too common) understanding of the First Amendment. The troubling fact is that the FCC’s new regulations governing ISPs – the companies that deliver Internet content to people’s homes – threaten basic liberties guaranteed under the Bill of Rights. 

Wheeler’s interpretation of the First Amendment’s prohibition against laws “abridging the freedom of speech, or of the press," treats the freedoms of speech and the press as if they were one and the same. But the Founders recognized that freedom of speech and freedom of the press are distinct concepts that both need clear protection. Speech refers primarily to communications themselves (e.g., the spoken or written word) and the press refers to the technologies and processes that produce mass communications. 

By Fred B. Campbell, Jr.
read full article at The Hill 

Internet of Things: many uses but what about rules?

The European Union is expecting great benefits from the Internet of Things, but the online connection of physical devices via sensors is also a potential head-scratcher for policymakers.

There is a multitude of possibly disruptive ways in which the Internet of Things (IoT) may affect European legislation.

“It's easy to get a headache. Where do you start?”, said the European Commission's Thibaut Kleiner recently.

Kleiner, head of the commission unit that deals with network technologies, moderated a panel session on IoT policy last Thursday (26 November), at a Brussels conference titled 'The Future of Internet of Things in Europe', organised by the Digital Enlightenment Forum, Huawei, and the European Parliament's magazine.

By Peter Teffer 
read full article at EU Observer 

A privacy standard for Internet of Things suppliers

The Internet of Things (IoT) is poised to generate the next economic big bang. But the expected boom will go bust if people worry about losing their privacy in the IoT ecosystem. 

The time is right for the stakeholders who stand to gain billions from the IoT to rally behind a common privacy standard that earns user trust.

Industry analysts agree on one thing: An explosion of Internet-enabled consumer products, connected cars, smart homes and wearables will generate a global economic boom over the next five years. 

One third of enterprise respondents to Computerworld’s Forecast Study 2015 last November said they were initiating IoT initiatives this year. Forbes reported in July that the pace had dramatically accelerated, with over three-quarters now jumping onto the IoT bandwagon. 

By Jay Cline
read full article at ComputerWorld 



Facebook bows to Belgian privacy ruling over cookies

Facebook has said that it will respond to a privacy ruling in Belgium by requiring users to log in to view pages on the site.

The original ruling, made by the Belgian Privacy Commissioner (BPC) in November, relates to Facebook cookies that track the activity of non-users.

The company expects to receive an order this week, which it will contest. But in the meantime, cookies will not be set for non-users and accounts will be needed to access content.

Cookies are text files that record the web activity of users and the one in question, which Facebook has named datr, can live in a web user's browser for two years.


By Chris Baraniuk
read full article at BBC 



Congress Considers Email Privacy Reform

Just days after the largest reform to U.S. surveillance law in years took effect, lawmakers on Tuesday held a long-awaited hearing on reforming the Electronic Communications Privacy Act (ECPA). By far the most widely supported bill in Congress, the Email Privacy Act—introduced nearly two-and-a-half years ago—was the center of attention during the House Judiciary Committee hearing, and though it was clear lawmakers on the whole supported it, there is still disagreement on how best to move forward.

“Everyone on this panel agrees a warrant requirement for digital information is needed,” said Red Branch Consulting Founder Paul Rosenzweig, one of six panelists at the hearing. “It’s unbelievable we haven’t been able to work out the details of how to do that.”

At one end, civil and criminal law enforcement are concerned that parts of the proposed reforms will hurt their ability to investigate criminal activity, while at the other, the technology industry as well as privacy and civil liberties advocates are concerned that a nearly 30-year-old law is being rapidly outdated by digital technology and needs an update ASAP.

Jedidiah Bracy, CIPP/E, CIPP
read full article at IAPP