Greetings from Portsmouth, NH!

During yet another busy week here at IAPP headquarters, the most notable privacy news story to affect the U.S. was the Article 29 Working Party's opinion of the first annual review of the EU-U.S. Privacy Shield agreement. Though the WP29's response doesn't spell the apocalypse for the trans-Atlantic agreement, it did warn of legal action next year if specific steps are not taken. On the commercial side, the working party identified several "unresolved issues" involving what it sees as a lack of "guidance" about onward transfers and recourse mechanisms for data subjects; a desire for "continuous monitoring" of certified organizations; and WP29's desire for clear differentiation between data processors and data controllers. The WP29 said it will revisit these issues next year at the second annual review. So there is some time here.  

There's much less time, however, for the U.S. government to take steps to implement checks on government access to user data. This involves appointing members to the Privacy and Civil Liberties Oversight Board and an independent Ombudsperson; whether Presidential Policy Directive 28 will continue to be subject to presidential privilege; the application of Executive Order 12333; and in what form Congress will reauthorize Section 702 of FISA. Addressing these will depend squarely on President Donald Trump and Capitol Hill, and the WP29 wants action by May 25. Of course, that date should sound familiar to privacy pros, as it's the day the EU General Data Protection Regulation goes into effect. If the recommendations are not implemented, the WP29 warns it will take an adequacy decision to the Court of Justice of the EU — and that could spell doomsday for Shield. 

In conjunction with these WP29 developments, the fate of Section 702 took an interesting turn this week after an official from the Trump administration argued that 702 can legally continue even after it expires at the end of the month. Though a representative from the Office of the Director of National Intelligence said he fully expects Congress to reauthorize the program, with tax reform and hints of a massive sexual harassment scandal involving potentially dozens of U.S. lawmakers, it's far from clear what Congress will accomplish in the coming weeks. Lawyers from the executive branch told The New York Times the program can continue until at least April 2018 — one month before the May 25 deadline set by the WP29 — without new legislation. To pile on, the Trump administration hasn't been lightning fast with appointing government positions this year, so it's unclear if any priority will be given to appointing an Ombudsperson (there is currently an acting one, however) or the remaining PCLOB openings. It's also hard to imagine the current president relenting on any presidential privileges he's already afforded. 

But not everything revolves around Shield and Section 702. We're now in peak holiday shopping season, and that tends to bring forward children's privacy issues. For many kids, this is a time to be on good behavior for Santa and his merry band of elves. A couple years back, I wrote about the normalization of surveillance through the use of popular toys like "Elf on the Shelf." But looking back, that's nothing compared to this year's "Elf Surveillance Dummy CCTV Camera." Yes, it looks like a CCTV camera, complete with a red flashing light, to let kids know the North Pole is watching at all times. Want to find out more? Be sure to check out Ryan Chiavetta's humorous take on this latest kid's surveillance product. 

Well, until next week, be well and buy local.