Does the EU’s right to be forgotten extend to the whole world? The French data protection authority, CNIL, says yes and wants search engines to delist search results which contain information that violates the European Union’s right to be forgotten – not just for French users, not just for European users, but for all users everywhere. Google is prepared to remove offending search results for European users, but balks at removing material globally just because European courts find that it violates European privacy rules.
Today, the EU and Japan announced political agreement in principle on an Economic Partnership Agreement. Overall, this should be a positive development for EU and Japanese workers, consumers, and businesses. But, it does fall short in one crucial regard. There is no binding data flow obligation yet. SIIA put out a statement on this gap today. Instead of a binding data flow commitment now, the two sides agreed to conclude an accord on data flows in early 2018.
In a March 30, 2017 opinion piece, “Don’t trade away data protection,” two leading Members of the European Parliament, Viviane Reding and Jan-Phillip Albrecht, suggest “strengthening data protection safeguards in the General Exception (known as GATS XIV) and E-Commerce chapters, and removing necessity and consistency tests.” The idea behind the proposal is to make absolutely certain that the General Data Protection Regulation (GDPR) and perhaps other parts of the EU privacy acquis could not be successfully challenged as inconsistent with an affirmative cross-border data flow obligation. This is a topic SIIA will comment on again in the coming months, likely in a longer form Issue Brief. This blog discusses the proposal to remove the necessity test.
Last week, EU Justice Commissioner Vera Jourova announced that she was going to propose a law on law enforcement access to encrypted data.
The Elliott School of International Affairs hosted a very interesting conversation today on “New Avenues to Govern Cross-Border Information Flows.” SIIA co-sponsored the event together the Internet Society of Greater Washington, D.C. The Institute for International Economic Policy (IIEP) presented the event. Research Professor and Cross-Disciplinary Fellow Susan Aaronson moderated.
I provided an industry perspective, and my talk is available here. My written remarks focus on what we hope to achieve with respect to cross-border data flows in the Trade in Services Agreement (TISA), the WTO’s E-commerce Work Committee, the G20, G7, and the OECD. However, as fellow panelist USTR Director for Digital Trade Sam DuPont concentrated on these fora, I emphasized in my spoken remarks four aspects of the cross-border data flow discussion. First, key industry “asks” such as obligations to permit data flows, avoidance of serv ...
Readers of this blog will know that the SIIA and Thomson Reuters-supported Atlantic Council study: Into the Clouds: European SMEs and the Digital Age” was released on October 10 at Aspen Berlin/Germany on October 10. We followed up in Brussels on October 12 with a lively DIGITALEUROPE workshop and a well-attended Transatlantic Policy Network dinner. In addition, I met with German and European Commission officials this week. A few takeaways from these events and meetings follow.
Cloud adoption rates are variable in Europe and surprisingly low in Germany. Low adoption in Germany derives in part from continuing surveillance concerns but is perhaps equally caused by a preference for in-house solutions, even by SMEs. Localization of data in-country remains a preference of many German companies and cloud providers increasingly provide that option to their customers who are evidently willing to pay a premium for that service.
The Commissi ...
Just as everyone was headed out of Washington for the Memorial Day weekend, CNBC did a report on Google’s Two Years of Forgetting Europeans. It was a useful summary of the material Google publishes in its transparency report on European privacy requests for search removals. It noted such interesting facts as that Google has removed 43% of the URLs they have reviewed and processed and that Facebook was the most frequently removed URL.
But the report strangely missed a major legal development that threatens a stable international understanding about the limits of domestic law in age of global communications networks.
This stable understanding is that national governments have control over the Internet within their own borders. They have right and the obligation to make the rules of the road for Internet conduct occurring within their own borders. But they don’t have the right to extend their local laws to Internet conduct within the jurisdiction of other cou ...
Those of you who read SIIA blogs, statements, and testimony know that we are big proponents of data-driven innovation. For such innovation to achieve its full potential, cross-border data flows are essential. That is why we support Trans-Pacific Partnership (TPP) digital provisions so strongly and consider them a floor for additional digital provisions in the Transatlantic Trade and Investment Partnership (TTIP) and Trade in Services Agreement (TISA). We support interoperability mechanisms such as the EU-US Privacy Shield that allow companies to transfer data from one jurisdiction to another as long as they comply with the rules established in the mechanism. This has nothing to do with undermining societal values such as privacy and everything to do with creating law-based data transfer mechanisms as we demonstrated at an October 9, 2015 Geneva event for TISA negotiators.
We are strong supporters of the EU-US Privacy Shield because it has the potential, ...
The Atlantic Council released “Building a Transatlantic Digital Marketplace: Twenty Steps Toward 2020” on April 5 in Brussels. Later this month, the Council will host another event in Washington, D.C. on the report. I was a member of the Atlantic Council’s Task Force on a Transatlantic Digital Agenda.
The concept of a transatlantic digital marketplace is something well worth supporting. The Brookings Institution’s 2014 work on the value of transatlantic data flows helped make the economic case for why this is so important. The 2015 European Center for International Political Economy (ECIPE) paper on the importance of complementary policy for the ICT sector helps explain what policy environment, including on Intellectual Property Rights (IPRs) is optimal for the software sector. The Atlantic Council Report contains many excellent ideas for building a transatlantic digital marketplace such as promoting cross-border data flows.
Google recently informed European data protection authorities (DPAs) that, in addition to removing search results from all European domains of Google Search, Google would soon begin using geo-location technology to additionally restrict access to search results that have been delisted in response to European privacy requests. This is a sensible step to allay DPA concerns about the balance of a right to privacy and freedom of information and should satisfy those in Europe calling for full global removals without impeding access to information outside of Europe.
Of course, the right to be forgotten is a terrible idea – at least in the form in which the European Court of Justice imposed it on European search engines in May 2014. That decision instructed search engines not to return results derived from a search on a person’s name when the data “appear to be inadequate, irrelevant or no longer relevant, or excessive in relation to the purposes for which the ...