Category Archives: Policy and Regulation

European Commission, News & Analysis, OTT, Policy and Regulation, regulation

Europe looks to set new rules for OTT in September

EuropeThe European Commission is set to release new rules in September, which will aim to tighten up how OTT’s such as WhatsApp and Skype are regulated in the European markets, according to the Financial Times.

How Over-the-top players are regulated has been a point of contention within the European markets in recent years, as it does fall into a grey area currently. Although telcos are under guidance from the European Commission regarding SMS and traditional voice calling, these rules do not directly address the services offered by the OTT’s, such as Facebook’s WhatsApp, which has been stealing business off the telcos. According to the FT, this grey area will be addressed in September, when the commission will release new rules focusing on how OTT’s comply with security requests from the state, and also how customer data can be monetized.

According to the reports, the commission will make an initial announcement in September, before providing more clarity in a separate review of the EU’s “ePrivacy” law later in the year. This is one of a number of moves across the industry to redefine regulation in light of how quickly technology has advanced over the last few years. French authorities for example, will decide in September whether Google, Viber and Skype should be registered as a telecoms provider, a move which has the potential for widespread ripples.

The reports will come as good news to various players in the telco industry, who have not been happy with the light-touch regulation which is in place for the OTT’s. Back in 2014, Spanish giant Telefónica complained there wasn’t a level playing field, as the OTT’s do not have to comply with the EU’s regulation on issues such as user rights, antitrust, security, net neutrality or Significant Market Power (SMP) obligations. The complaint, which is largely a fair one, was built on the idea that if OTT’s offer similar, or almost identical, services, they should be held accountable to the same rules.

These complaints were furthered last year, as a group of European operators, including Orange, Deutsche Telekom, Telefónica and KPN, wrote to the President of the European Commission urging changes to the regulatory landscape to enable the telcos to better compete with the new waves of OTT’s. While the telcos have been held accountable to strict regulation in recent years to ensure competition and a fair deal to the consumer, the growth in popularity for OTT’s has proved to be a tough time for the industry.

Only recently Ofcom released its Communications Market Report 2016 which added weight to the claims OTT’s are becoming increasingly popular across various demographics. The report claims the number of people who are now using instant messaging services such as WhatsApp is up from 28% to 43% in the UK. This surge in popularity has seemingly come at the expense of more traditional means of communication, such as SMS and email, which demonstrated a decline of eight and seven percentage points respectively. These stats highlight the growth of the OTT’s is likely to continue, as well as the plight of the operators.

While it has not been confirmed whether the regulations will be changed in the near future, a problem which could be faced by the European Commission may focus around investments in network infrastructure. Over recent months there have been a number of mergers which have been rejected by the European Commission, most notably O2 and Three in the UK, with the reasoning relating to competition.

Should the level of competition drop in any markets, the need for telcos to continue investment in their own infrastructures to remain competitive would also drop. This is a concern of the European Commission, though the growth of OTT’s could inadvertently have the same impact. OTT’s are certainly providing cheaper services to the consumer, though the result is a decrease in revenues for the telcos which could impact the investments which are made elsewhere within an operators business.

The report from the FT remains officially unconfirmed for the moment, though it should not be seen as a surprise should it be true. The issue over OTT regulation has been bubbling away for some time, and considering the telecommunications industry is one of the heavier hitters in terms of lobbying, pressure would have likely been exerting on the commission for some time.

Although the European Commission would not confirm the rumours, it did offer us a statement:

“The Commission is indeed working on an update of EU telecoms rules under its Digital Single Market strategy. The upcoming reform of the EU telecoms framework should incentivise and leverage more private investment in next generation networks, provide regulatory predictability and the right conditions for all operators to invest,” said Nathalie Vandystadt, Spokesperson for the Digital Single Market at the European Commission.

“The Commission has been looking into the growing importance of online players that provide similar or equivalent services to traditional communication services. The Commission is looking into to what extent people can consider OTT services like WhatsApp and Skype to be functional substitutes for services provided by traditional telecoms operators, and is considering whether scope of the current EU rules needs to be adapted, to ensure adequate levels of consumer protection and ensure that regulation does not distort competition. This does not necessarily mean treating all communications services the same for all purposes. We will present our reform of the EU telecoms framework in September.”

data protection, European Commission, News & Analysis, Policy and Regulation, Privacy Shield

Privacy Shield rubber stamped amid dissent

dataThe European Commission has formally adopted the controversial ‘Privacy Shield’ framework intended to replace the previous Safe Harbour agreement, reports Telecoms.com.

Both schemes covered the transfer of data between the EU and the US, with the balance between free movement of data and the protection of individuals a tricky one to strike. Privacy Shield has many critics who fear it does little to address the issues faced by Safe Harbour. In spite of that the EC has decided to plough forward as anticipated.

“We have approved the new EU-US Privacy Shield today,” said Andrus Ansip, Commission VP for the Digital Single Market. “It will protect the personal data of our people and provide clarity for businesses. We have worked hard with all our partners in Europe and in the US to get this deal right and to have it done as soon as possible. Data flows between our two continents are essential to our society and economy – we now have a robust framework ensuring these transfers take place in the best and safest conditions.”

“The EU-U.S. Privacy Shield is a robust new system to protect the personal data of Europeans and ensure legal certainty for businesses,” said Věra Jourová, Commissioner for Justice, Consumers and Gender Equality. “It brings stronger data protection standards that are better enforced, safeguards on government access, and easier redress for individuals in case of complaints. The new framework will restore the trust of consumers when their data is transferred across the Atlantic. We have worked together with the European data protection authorities, the European Parliament, the Member States and our U.S. counterparts to put in place an arrangement with the highest standards to protect Europeans’ personal data”.

Not everyone in Brussels was convinced, however. “The Commission has today signed a blank cheque for the transfer of personal data of EU citizens to the US, without delivering equivalent data protection rights,” said the Green Party MEP Jan Philipp Albrecht. “The ‘Privacy Shield’ framework does not seem to address the concerns outlined by the European Court of Justice in ruling the Safe Harbour decision illegal. In particular the individual rights of consumers are still too weak and blanket surveillance measures are still in place. In this context, the Commission should not be simply accepting reassurances from the US authorities but should be insisting on improvements in the data protection guaranteed to European consumers.

“The European Parliament already underlined concerns about the lack of general data protection provisions in the US when the initial Safe Harbour decision was concluded in 2000. Independent data protection authorities are still lacking in the US. EU justice commissioner Jourova must now make clear that, once the EU’s new General Data Protection Regulation enter into force in 2018, there will also be a need to revise the Privacy Shield decision.”

Elodie Dowling, VP, EMEA General Counsel at BMC Software reckons there’s still plenty of work to do. “Following negotiations between EU and US officials, the formal adoption of Privacy Shield has officially started today in the EU’s 28 member states,” said Dowling. “Starting August 1, it will then be for businesses across the US and the EU to innovate and comply around this in order to create a culture of trust amongst their customers.

 

“However, with the ongoing discussions generated throughout the negotiation period, it’s unlikely that the official adoption of the Privacy Shield closes the loophole completely. For example, it remains unclear the type of ‘assurances’ the US has provided to the EU to ensure mass surveillance does not apply or, if it does, that it happens in a transparent and framed manner for EU citizens. Surely this particular item is going to be carefully considered by data privacy activists.”

data protection, European Commission, News & Analysis, Policy and Regulation, Privacy Shield, Safe Harbour

EU moves forward with Privacy Shield despite EDPS warning

Europe US court of justiceThe European Commission has announced it will continue ahead with the EU-US Privacy Shield despite the European Data Protection Supervisor claiming the pact is not robust enough, reports Telecoms.com.

Since Safe Harbour was struck down by the European Court of Justice last year, the industry has been in limbo as politicians were unable to draft an agreement between the US and EU, which met the criteria for data protection in the European market. In May, European Data Protection Supervisor, Giovanni Buttarelli, outlined his concerns on whether the proposed agreement will provide adequate protection against indiscriminate surveillance, believing the pact would not be strong enough to stand up.

“Today Member States have given their strong support to the EU-U.S. Privacy Shield, the renewed safe framework for transatlantic data flows,” said Vice-President Andrus Ansip and Commissioner Věra Jourová in a joint statement. “This paves the way for the formal adoption of the legal texts and for getting the EU-U.S. Privacy Shield up and running. The EU-U.S. Privacy Shield will ensure a high level of protection for individuals and legal certainty for business.”

Despite the European Commission pushing forward with the draft, there have been a number of individuals and parties within the EU who have criticised the agreement. For some, the EU-US Privacy Shield is simply a reheated Safe Harbour, with very little to address the concerns of the original agreement.

Article 29 Working Group is another influential group has highlighted to the industry the pact has made progress, though it did identify a number of shortcomings when looking at mass surveillance and oversight. The new agreement does encourage organizations to be more considered and conservative when sharing data with US, however critics of the new agreement have claimed there are still too many exceptions where the US and its intelligence agencies can move around the agreement. Despite the concerns, the European Commission has ploughed ahead.

On the other side of the argument, Microsoft has somewhat unsurprisingly confirmed its support of the pact, though it has stated it should go further. In any case, a large vendor expressing its support for an agreement which would enable the organization to do more business in Europe should not be met with astonishment.

“It is fundamentally different from the old ‘Safe Harbour’: It imposes clear and strong obligations on companies handling the data and makes sure that these rules are followed and enforced in practice,” said the announcement. “For the first time, the U.S. has given the EU written assurance that the access of public authorities for law enforcement and national security will be subject to clear limitations, safeguards and oversight mechanisms and has ruled out indiscriminate mass surveillance of European citizens’ data.”

“And last but not least the Privacy Shield protects fundamental rights and provides for several accessible and affordable redress mechanisms. During the formal adoption process, the Commission has consulted as broadly as possible taking on board the input of key stakeholders, notably the independent data protection authorities and the European Parliament. Both consumers and companies can have full confidence in the new arrangement, which reflects the requirements of the European Court of Justice. Today’s vote by the Member States is a strong sign of confidence.”

It would appear the European Commission is moving forward to demonstrate to the industry progress is being made, though could be seen as a flimsy approach. With the concerns expressed by influential and respected bodies within the industry, it should not be seen as a surprise if the agreement is struck down once again by the European Court of Justice.

European Comission, legislation, News & Analysis, Policy and Regulation, regulation

Cyber security top of the list for European Commission after launch of €1.8bn initiative

EuropeThe European Commission has launched a new public-private partnership aimed at tackling the challenges of cyber security, and helping European companies become more competitive, reports Telecoms.com.

As part of the partnership, the EC will invest roughly €450 million, and will encourage industry to contribute healthily, targeting a total investment of €1.8 billion by 2020. The new initiative will take form through four pillars.

Firstly, the EC will encourage member states to make the most of the cooperation mechanisms under the new Network and Information Security (NIS) directive. Secondly, the EC will explore the possibility of creating a framework for certification of security products, which can then be distributed in any member state. Thirdly, the EC will establish a contractual public-private partnership with industry to nurture innovation. And finally, the team will create funds to enable SME’s to source investment and scale up.

“Europe needs high quality, affordable and interoperable cybersecurity products and services,” said Günther H. Oettinger, Commissioner for the Digital Economy and Society. “There is a major opportunity for our cybersecurity industry to compete in a fast-growing global market. We call on Member States and all cybersecurity bodies to strengthen cooperation and pool their knowledge, information and expertise to increase Europe’s cyber resilience. The milestone partnership on cybersecurity signed today with the industry is a major step.”

The new strategy builds on the EC’s ‘Open, Safe and Secure Cyberspace’ strategy which was launched in 2013 to ‘protect open internet and online freedom and opportunity’. While the initiative has launched a number of new legislative actions, there would appear to be little evidence much else has been achieved aside from ‘ensuring cooperation’, ‘ensuring a culture of security’ and ‘stepping up cooperation across Europe’. While previous work has been generalist and vague, the new proposition does at least offer encouragement there will be more concrete work achieved.

The NIS directive will support strategic cooperation and exchange of relevant information between member states, as well as creating a number of new bodies including EU Agency for Network and Information Security (ENISA), EU Computer Emergency Response Team (CERT-EU) and European Cybercrime Centre (EC3) at Europol. The plan will be to deliver a blueprint during the first half of 2017, and then deliver the initiative in an undefined timeframe. The EC has outlined a specific plan, though the lack of a timeframe seemingly removes some of the gained credibility.

“Without trust and security, there can be no Digital Single Market. Europe has to be ready to tackle cyber-threats that are increasingly sophisticated and do not recognise borders,” said Andrus Ansip, Vice-President for the Digital Single Market. “Today, we are proposing concrete measures to strengthen Europe’s resilience against such attacks and secure the capacity needed for building and expanding our digital economy.”

data protection, data residency, News & Analysis, Policy and Regulation

UK citizens trust EU countries with data more than the UK

EuropeWith the countdown to Brexit vote in its final days, research from Blue Coat has highlighted British respondents would be more trusting if their data was stored in the EU country as opposed to the UK.

Although only marginal, 40% of respondents believe the EU is a safer bet for storage of data, whereas only 38% elected the UK. Germany was perceived as the most trustworthy state, though this could be seen as unsurprising as the country is generally viewed as having the most stringent data protection laws. France ranked in second place, whereas the UK sat in third.

While the true impact of Brexit will only be known following the vote, the role of the UK in the technology world could be impacted by the decision. The research showed a notable favouritism to store data in countries which are part of the EU and under the influence of the European Commission’s General Data Protection Regulation. When looking across the Atlantic to the US, within the UK has more trust than the rest of Europe, though it could still be considered very low. In the UK, 13% said they would trust the US with their data, whereas this number drops down to 3% where France and Germany are concerned.

“The EU regulatory landscape is set to radically change with the introduction of the GDPR legislation and this research highlights the level of distrust in countries outside the EU,” Robert Arandjelovic, Director of Product Marketing EMEA, Blue Coat Systems. “Respondents prefer to keep their data within the EU, supporting new European data protection legislation.

“More concerning is the fact that almost half of respondents would trust any country to store their data, indicating too many employees simply doesn’t pay enough attention to where their work data is held. This presents a risk to enterprises, even if their employees treat where it is being hosted with little interest.”

While the impact of the Brexit vote is entirely theoretical at the moment, leaving the union could spell difficult times for the UK as EU countries favour those which are in the EU. What is apparent from the statistics is the US still has substantial work to do to counter the ill effects of the Safe Harbour agreement, which was struck down last October. The survey indicates the replacement policy, the EU-US Privacy Shield, has not met the requirements of EU citizens as trust in the US is still low.

data protection, EU, News & Analysis, Policy and Regulation, regulation

75% of apps not compliant under EU data protection rules

Research from Netskope has claimed more than 75% of business apps lack key capabilities to ensure compliance under EU General Data Protection Regulation.

The company tracked 22,000 apps of which three quarters failed to meet minimum requirements of the EU, falling down in areas such as deleting personal data in a timely manner or violating data portability requirements.

The companies who have not met the required standards now have just under two years to ensure compliance, when GDPR comes into play in 2018. Failure to meet the criteria will see a company fined up to $22 million or up to four percent of annual worldwide revenue, whichever is greater.

“The shift to the cloud presents an increasing complexity and volume of security challenges for enterprises, including regulations like the EU GDPR,” said Sanjay Beri, CEO of Netskope. “With the deadline for compliance looming, complete visibility into and real-time control over app usage and activity in a centralised, consistent way that works across all apps is paramount for organisations to understand how they use and protect their customers’ personal data.”

The number of sanctioned apps containing malware increased from 4.1% to 11% in the period between reports. More of a quarter of the instances of malware was detected in files that had been shared with others within the organization. In terms of cloud data loss prevention, cloud storage applications accounted for 73.6%, with Webmail coming in at second with 22.1%.

India, News & Analysis, Policy and Regulation, regulation

India to answer unanswered cloud questions

Location India. Red pin on the map.The Telecom Regulatory Authority of India (TRAI) has launched a consultation project to identify the challenges of governing a digital economy driven by cloud computing, reports Telecoms.com.

TRAI launched a consultation paper last week which outlined questions which still remain over the adoption and management of cloud computing. Before an adequate regulatory framework can be built, the team have highlighted a complete understanding of cloud as a technology and its business implications are required. TRAI has seemingly unearthed a number of unknowns which have been swept aside during the speedy adoption of cloud computing.

The consultation process itself will focus on several areas affecting the adoption of cloud computing in India including future trends, security, interoperability, quality of service, a legal & regulatory framework and the overall implementation of cloud services. The objective of the consultation process is to create a framework which encourages growth and adoption of the technology, while also protecting the interests of the customer.

“With a view to bring out all relevant aspects of the issues and to provide a suitable platform for discussions, TRAI has initiated this consultation paper to engage the industry and all the stakeholders on the key issues referred by Department of Telecom,” the team outlined in the consultation paper.

India is generally recognised as one of the more lucrative markets for the cloud computing industry, owing to a large population and a healthily growing economy. The report states the public cloud service market in India is expected to grow from $ 838 million in 2015 to $ 1.9 billion by 2018, while social, mobility, analytics and cloud technologies collectively could account for $1 trillion in 2016 alone.

The basis of the consultation paper would seem to be based on not only a lack of information available, but also a lack of constancy and clarity of the benefits, cost and ongoing management of the technology itself. Two areas which were given particular attention in the paper was that of lawful interception and interoperability.

According to TRAI there is currently a lack of clarity on how lawful interception will be justified and managed in a cloud-orientated, but also how data will be managed in the international community.

“One of the top security concerns of enterprises is the physical location of the data especially if they are located in another country because the laws of the host country apply to the machine and data residing on it,” the report highlighted. “That becomes an issue if the host country does not have adequate laws to protect sensitive data or if the host nation becomes hostile and depends largely on the government concerned. The primary location of the data and any backup locations must be known to ensure these laws and regulations are followed.”

From an interoperability perspective, there could be a need to formalize the means in which a customer moves from one cloud provider to another to ensure a fair proposition for the customer. Here the consultation process will focus on identifying how vendors can standardize processes and aspects of the technology to ensure interoperability, as well as what regulations need to be put forward so the customer is able to have control over his data while moving it in and out of the cloud.

Those who wish to put forward their opinions have until 22nd July to make their comments known to the organization.

Data Encryption, data protection, News & Analysis, Policy and Regulation, regulation, surveillance, UK Legislation

UK Government passes spy bill with strong majority

Lady Justice On The Old Bailey, LondonThe House of Commons has voted in favour of the Investigatory Powers Bill which gives UK intelligence agencies greater power to examine browsing histories and hack phones, reports Telecoms.com.

The bill, which now passes through to the House of Lords, has been under scrutiny since last year, with the latest version being reviewed since March. The original version of the bill, known as the ‘Snooper’s Charter’ by critics, came up against strong opposition from a host of technology companies who have registered privacy concerns. The bill itself will require technology companies to collect and store data on customers, while also allowing intelligence agencies to remotely access smartphones and other devices.

“The Bill provides a clear and transparent basis for powers already in use by the security and intelligence services, but there need to be further safeguards,” said, Harriet Harman, MP for Camberwell and Peckham and Chair of the Joint Committee on Human Rights. “Protection for MP communications from unjustified interference is vital, as it is for confidential communications between lawyers and clients, and for journalists’ sources, the Bill must provide tougher safeguards to ensure that the Government cannot abuse its powers to undermine Parliament’s ability to hold the Government to account.”

Although proposed by the Conservative party, the bill was strongly supported by the Labour party as well as the majority of the commons, with opposition primarily coming from the Scottish National Party. Despite privacy and civil rights concerns from the SNP, the bill passed with a vote of 444 to 69. The vote in the House of Lords is expected to take place in the next couple of months with the bill being passed to law in January 2017.

The bill was deemed as a high priority for intelligence agencies within the UK, it has been under scrutiny from the Joint Committee on Human Rights, after concerns it could potentially violate privacy and civil rights. As part of the review, extended protection will also granted to lawyers and journalists.

“The Joint Committee heard from 59 witnesses in 22 public panels,” said Victoria Atkins, MP for Louth and Horncastle, speaking on behalf of the Joint Committee on Human Rights and the Bill Committee. “We received 148 written submissions, amounting to 1,500 pages of evidence. We visited the Metropolitan police and GCHQ, and we made 87 recommendations, more than two thirds of which have been accepted by the Home Office.”

One of the initial concerns was a permanently open backdoor which could be accessed by intelligence agencies without oversight, which has seemingly been addressed. Intelligence agencies will have to request access, which will be granted should it not be too complicated or expensive. What the definition of complicated or expensive has not been given, however it does appear to end concerns of a government ‘all-access-pass’. Whether this is enough of a concession for the technology companies remains to be seen.

Cloud computing, data protection, data residency, EU-US Privacy Shield, European Commissio, News & Analysis, Policy and Regulation, Safe Harbour

EU-US privacy debate continues as EDPS says try again

EuropeOn-going efforts to provide clarity and guidance on transatlantic data transmission are unlikely to be seen soon as the European Data Protection Supervisor (EDPS) has outlined concerns over the robustness of the Safe Harbour successor, EU-US Privacy Shield.

European Data Protection Supervisor, Giovanni Buttarelli, outlined his concerns on whether the proposed agreement will provide adequate protection against indiscriminate surveillance as well as obligations on oversight, transparency, redress and data protection rights.

“I appreciate the efforts made to develop a solution to replace Safe Harbour but the Privacy Shield as it stands is not robust enough to withstand future legal scrutiny before the Court,” said Buttarelli. “Significant improvements are needed should the European Commission wish to adopt an adequacy decision, to respect the essence of key data protection principles with particular regard to necessity, proportionality and redress mechanisms. Moreover, it’s time to develop a longer term solution in the transatlantic dialogue.”

This is in fact the second time in a matter of months an official body has expressed concerns over the EU-US Privacy Shield, as the Article 29 Working Group voiced its concerns over the mass surveillance and oversight shortcomings that it believes are found in the pact. Back in April, WP29 commented Privacy Shield had made progress but still hadn’t covered the cracks which had Safe Harbour kicked out last year.

“The WP29 notes the major improvements the Privacy Shield offers compared to the invalidated Safe Harbour decision. Given the concerns expressed and the clarifications asked, the WP29 urges the Commission to resolve these concerns, identify appropriate solutions and provide the requested clarifications in order to improve the draft adequacy decision and ensure the protection offered by the Privacy Shield is indeed essentially equivalent to that of the EU,” said the WP29 group in its official opinion at the time.

The new Privacy Shield agreement does in fact encourage European businesses and organizations to be more considered and conservative when sharing data with US entities, however critics of the new agreement have highlighted there are still too many exceptions where the US and its intelligence agencies can move around the agreement.

While the opinion of the WP29 is respected throughout the industry, it was not a concrete sign that anything within the Privacy agreement will change. This is the same for the EDPS. There are no guarantees the agreement will be changed following Buttarelli making his opinion public, though it may be a good indicator as to what need to be done to ensure the pact stands up to scrutiny under the spotlight from the European Court of Justice. This is certainly the case for David Mount, Director of Security Solutions at Micro Focus.

“Buttarelli talks of a need for significant improvements before the agreement can be viable, which raises a key point around the self-certification aspects of Safe Harbour as it once was,” said Mount. “In the past, businesses could self-certify as compliant with Safe Harbour by simply ticking a box. But this does not create a transparent and trusting climate – in fact it does the very opposite, as is the case in any self-regulated environment.

Twitter comments“Any new agreement must be more robust, as per Buttarelli’s comments, and addressing the key issue of self-certification would be a significant step. It will be interesting to see how the EU Commission responds to the EDPS and how negotiations will continue to address the varying issues of self-certification and trust.”

Support for the agreement has been mixed as some European corners have voiced concerns, and some US opinions have been relatively positive, though this may be considered unsurprising. MEP Jan Philipp Albrecht and Edward Snowden were two who demonstrated a critical stance (see accompanying picture), while Microsoft become one of the first major US tech companies to confirm its support of the EU-US Privacy Shield.

Back in April, John Frank, Vice President EU Government Affairs at Microsoft said “we recognize that privacy rights need to have effective remedies. We have reviewed the Privacy Shield documentation in detail, and we believe wholeheartedly that it represents an effective framework and should be approved.”

Although Microsoft has demonstrated a desire to bring the issue to an end, it has also found itself on the wrong side of data requests from the US government, proving it’s no push over. The company has been involved in a drawn out lawsuit, as Microsoft has refused the US government access to data which is has stored in its Dublin data centre, telling the government it “must respect the sovereignty of other countries”.

The company has also filed a lawsuit against the US government and its associated agencies, arguing the right that customers should have the right to know when the state accesses their emails or records, as well as creating the Data Trustee model. The Data Trustee model is seemingly an effort to rebuild trust in the US business, as it hands control of its data over to a European company, in this case Deutsche Telekom, who have to give consent for a Microsoft employee to access the data.

“Businesses have already started looking to alternatives for legitimate data transfers out of the EU in case the Privacy Shield option, once formally adopted, should be taken away,” said Deema Freij, Global Privacy Officer at Intralinks. “For example, Binding Corporate Rules and EU Model Clauses are still seen as strong alternatives. Businesses have been switching to EU Model Clauses to transfer personal data to the US, which they can continue to do on an ongoing basis.

“The responsibility for businesses is only going to increase when the General Data Protection Regulation (GDPR) comes into full effect in May 2018. The next two years will be a huge test for organisations across the world as they begin to realise that data sharing practices will continue to fall under close scrutiny as the concept of data privacy evolves further.”

The EU-US Privacy Shield has made progress in addressing the concerns voiced by European citizens, companies and legislative bodies in recent months, though it is unlikely to be the final answer. In three months, two separate, independent and widely respected opinions have highlighted the short-comings of the agreement, which doesn’t inspire a huge level of confidence. How the Privacy Shield creators react to the opinion is yet to be seen, though it could be one of the deciding factors on how long the transatlantic data transmission argument continues.

data protection, Data Regulation, News & Analysis, NTT Data, Policy and Regulation

NTT Data partners with Privitar to make customers GDPR compliant

Lady JusticeNTT Data UK has announced a partnership agreement with Privitar to provide data protection solutions built on new requirements set out by the EU General Data Protection Regulation.

The GDPR requires companies to process and use the personal data of any European customers in a justifiable and ethical manner, whilst also giving increased control of the data back to the customers themselves. As the role of data increases within the business world customers have become increasingly interested in how their personal information is stored and used. Insight delivered from this data can be used to drive additional revenues for a business, though once GDPR comes into legislation in 2018, there will be strict guidance on how the data is used.

NTT Data believe this dynamic will create complications for various organizations, and claim combining the NTT Data’s data and process capabilities, with Privitar’s privacy software, will create a proposition which will comply to all GDPR data requirements.

“By combining NTT DATA’s sector-specific domain knowledge with Privitar’s software we can now deliver programmes that make our clients champions of both privacy and innovation,” said Steve Mitchener, CEO of NTT Data UK. “I’m excited that this partnership will allow our clients to fully utilise their data assets without fear of reputational and financial damage, or regulatory action.”