The fate of the EU-U.S. Privacy Shield will be one of many topics of discussion at an April meeting in Washington, of the so-called Berlin Group of international privacy regulators.
More properly known as the International Working Group on Data Protection in Telecommunications, the body meets twice annually — once in an international location, and once in Berlin, Germany. This time the international location is the U.S. capital, and the gathering could not be more timely.
The meeting, scheduled for April 24-25, will take place as the European Union's data protection authorities are gearing up for the Privacy Shield's first annual review. The EU regulators were lukewarm on the deal when it was struck between the U.S. and the European Commission in mid-2016, and said in July that they would hold off launching any challenges until they had given the program a year to demonstrate its effectiveness.
The trans-Atlantic arrangement is the successor to the Safe Harbor deal that was struck down by the EU's top court in October 2015. Privacy Shield is supposed to provide the protections for EU citizens' data on U.S. soil that Safe Harbor failed to guarantee. However, EU regulators have expressed skepticism over features such as the ombudsperson mechanism for settling complaints, and the scope of U.S. authorities' ability to surveil EU citizens' data.
Joachim-Martin Mehlitz, a spokesman for the Berlin data protection authority, which helms the Berlin Group, confirmed that Privacy Shield would be discussed under an item provisionally titled: "A U.S. perspective on privacy protection."
While the Berlin Group is a separate entity from the Article 29 Working Party, many of the documents the group adopts "inspire other data protection authorities," such as the working party, according to the group's website.
A separate item will deal with the implications of last July's Second Circuit decision in the Microsoft vs United States case. The ruling, which the government has appealed, held that U.S. authorities could not force Microsoft to divulge a user's emails that were held on an Irish server. However, a February ruling by a Pennsylvania district court went the other way, ordering that Google should hand over emails that were stored abroad.
Google itself will be the rather broad subject of one item. Another will look at the implementation of the differential privacy anonymization technique in Apple's iOS 10 operating system, which represents some of the most interesting work being done on collecting and using personal data in a fine-grained, permissions-respecting fashion.
"Privacy and international standardisation" will be the topic of another item on the Berlin Group's draft agenda.
Much of the agenda is taken up with parsing the privacy implications of new technologies such as e-learning platforms, connected cars, smart infrastructure and sensor networks, smart TVs and "automated intelligence." The group will discuss firmware updates for internet-of-things devices – a hot topic, given the well-publicized security failures of certain connected devices.
The issue of web tracking and the little-used "do not track" standard will be discussed, as will the privacy issues in ICANN's next-generation Registry Directory Service (RDS). The RDS is the replacement for the WHOIS service, which lets people look up who is behind a given website.
The Berlin Group will also discuss single sign-on authentication and authentication in telecoms and web services, as well as issues relating to voice-controlled device, privacy in social networks, and cyber-bullying.
Interestingly, one item on the draft agenda related to "reorganisation of the Berlin Group," a topic about which Mehlitz said the group "can't go into detail at this time." The group has been around since 1983 and, while the documents issued by its technical and legal expert members are not binding, they do carry some influence with bodies such as the EU's Article 29 Working Party.
The Berlin Group's meeting will take place shortly after IAPP's Global Privacy Summit in D.C., which will run from April 19-20.
Image courtesy of European Commission
If you want to comment on this post, you need to login.