No deal Brexit and data
The government released a second set of technical notices providing guidance on the impact of a no deal Brexit, including implications for data.
Among the 28 documents published on gov.uk, last Thursday, was a warning on how a no deal Brexit could hinder the free flow of personal data.
Although this will not impact the UK’s commitment to the EU’s General Data Protection Regulation and the Data Protection Bill, the government stated that the legal structure for sending personal data to and from the EU would have to change.
Data flows no deal notice isn’t fit for purpose. Huge gaps- on BCRs, on UK SCCs and on support for businesses. Intention on unilateral adequacy right but whole thing shows just how damaging no deal would be for digital economy.
— Giles Derrington (@G_Derrington) September 13, 2018
Commenting on the paper, Julian David, CEO of techUK, said: “It is right that the Government takes a proactive approach to planning for No Deal. However, today’s notices show is that such a scenario would be hugely damaging to the UK. On everything from the free flow of data that underpins almost every business transaction, to the ability to drive in Europe, both businesses and consumers will face additional costs, complexity and bureaucracy. That is why techUK strongly supports the Government’s continued objective of securing a comprehensive deal between the UK and the EU.”
>See also: What would a no deal Brexit mean for techs?
“The technical notice on personal data is a text book example of the problems that a No Deal Brexit would cause. We recognise it would still be the intention of the UK to seek an adequacy decision and welcome the clarity that the UK is ready to start those discussions now. While we fully support the Government in its aim to achieve adequacy, this will not be ready in the event of No Deal.”
“While the decision to unilaterally allow data from the UK to flow to the EU is the right thing to do, the Government can do nothing to help UK companies seeking to transfer data from the EU to the UK. Instead, they will have to rely on complex processes such as Standard Contractual Clauses (SCCs). SCCs are currently subject to a major legal challenge in the EU and so their future is in doubt. While this is out of the UK Government’s control, businesses need to be aware of this fact and it is, therefore, disappointing that it is not recognised in the technical notice.”
Copyright Directive
The European Parliament approved amendments to the controversial Copyright Directive as critics warn it could signal the end of the “open internet”.
According to advocates for the directive, it merely aims to provide greater protection for copyright owners by putting the onus on websites and information service providers to take down copyright infringing material.
>See also: The EU Copyright Directive: Seeing the funny side?
The directive was initially rejected by MEPs in July following significant criticism of Articles 11 and 13 by critics.
Copyright Directive vote deeply disappointing. Big blow for future of EU’s digital economy. Idea this helps creatives isn’t one shared by many actors/ comics and musicians I know who value sensible balance between copyright and fan interaction/ collaboration.
— Giles Derrington (@G_Derrington) September 12, 2018
However, this view is not shared by all, particularly when it comes to article 11 and 13. Article 11 controversy stems from how it forces online platforms to pay news organisations for the using their content. Article 13 places responsibility on tech giants to take precautions to ensure that agreements with rights holders for the use of their work are in place.
Giles Derrington, head of policy at techUK, said: “Far from advancing the European digital economy through the Digital Single Market, the proposals adopted by the European Parliament today will lead to significant additional burdens on companies seeking to serve the European market. It is bad news, not just for UK digital businesses, but also for the general public who now risk seeing their freedoms online being restricted.”
“While the aims of the Copyright directive proposals were understandable, the method that has been adopted will not achieve the stated objectives. Requirements for platforms to filter all user uploaded content will likely result in a reduced user experience and the over-removal of legitimate content. The creation of a new neighbouring right for press publishers will make sharing news articles online more difficult, making it harder for the public to find good quality journalism online. Today was also a lost opportunity to make Europe a more attractive place for Artificial Intelligence development. Instead, fragmented rules across the EU will mean a confusing picture on where text and data mining technologies are allowed.”
“The proposals will now enter interinstitutional negotiations with the European Commission and European Council where there is an opportunity for further compromise. techUK urges the negotiators to take any steps possible to protect the open internet during these discussions.”
World cyber war
Are we in the midst of a world cyber war?
According to a new study from Venafi, the cyber security firm, most security professionals seem to think so.
It appears 86% of IT security professionals believe the world is currently in the middle of a cyber war. In addition, 40% of respondents think a nation-state cyber-attack has already cost human lives.
>See also: Inside the mind of a state-sponsored hacker
“The bottom line is that the notion of war is changing from something that you do with bullets and guns on the ground to something you do with bits and bytes,” said Jeff Hudson, CEO for Venafi. “Essentially, this is a war about compromising and controlling information. Once you fully understand that, it’s pretty easy to see that we are in a full-on cyber war right now.”
The survey, conducted at the Black Hat conference in Las Vegas, also found that 88% of security professionals believe that misinformation campaigns designed to manipulate public opinion for political outcomes are acts of cyber war.
GDPR: are you over-reporting data breaches?
It seems that in an effort to do the “right thing” companies are inundating regulators with unnecessary breach reports.
This week it was reported, in ITPro, that Information Commissioner’s Office (ICO), has been receiving 500 reports by telephone per week since GDPR came into force, a third of which fail to meet the threshold for a data incident.
>See also: What constitutes an Information Commissioner’s Office fine?
Lillian Tsang, Senior Data Protection and Privacy Consultant from Falanx Group, said: “It is difficult for a company to decide what is a reportable breach and what is not, even though the legislation is clear. It is the assessment, “whether a breach poses a risk to people’s right and freedom” which makes a breach reportable – this part is the difficult/uncertain element that a company faces.
“A company would have to come down to a decision, and it would be their decision alone so that it can become a matter of subjectivity: a case of “do we or don’t we”. Companies don’t want to play a guessing game because they would rather report a breach, to avoid fines of non-reporting (10 million euros – 2% of global annual turnover) than potentially face the financial and reputational consequences.”
>See also: Elizabeth Denham: A profile of the Information Commissioner
“A breach where sensitive data is leaked relating to individuals is reportable, but an outage where individuals cannot access their personal data is not going to cause too much distress in most cases. However, such outages are commonly reported because companies would “rather be safe than sorry.”