|
|
 |
We would leave the U.K. [...] if it came down to the choice between [...] betraying the people who count on us for privacy, or leaving.
- Meredith Whittaker, President of Signal Foundation
|
|
Welcome to Snippets—The UK-US data bridge, an extension to the EU-US trans-Atlantic data transfer agreement, has been passed and will go into effect on October 12, 2023. This law is the UK's answer to the lawful data transfer limbo that followed the EU court's 2020 strike down of Privacy Shield.
Plus, a divided government privacy watchdog narrowly voted to release a report recommending greater restrictions on Section 702, iOS 17 users claim the update changed their privacy settings without consent, and Signal reaffirmed their commitment to leaving the UK if forced to build a backdoor in the platform's encryption.
|
|
|
|
|
UK to join EU-US transatlantic data transfer deal
|
 |
|
|
Through an extension named the ‘UK-US data bridge,’ the United Kingdom has agreed to join the EU-US trans-Atlantic data transfer pact, piggybacking onto the initial agreement reached this past July.
|
- Meant to strengthen trade and economic ties between the regions, the UK-US data bridge opens a path for transferring UK citizens’ data to the US—provided the data is adequately protected once it has crossed over US borders.
- Though the EU and US reached their data transfer agreement in July, Brexit necessitated the UK establish separate legislation.
- As with the EU-US data transfer agreement, experts have split views on the adequacy of the data bridge’s data protection mechanisms.
- Some note UK citizens have several redress options, while others argue the law will allow companies to bypass transfer impact assessments.
|
|
|
|
|
|
|
Join hundreds of your peers in the Privacy Pulse community
|
|
Privacy Pulse is an invite-only community where privacy professionals can crowdsource solutions to their biggest challenges, share or find a new role, and expand their professional network.
To make sure our community is valuable, thriving, and safe, we ask that everyone submit a brief application to join. All applications will be reviewed within 24 hours.
|
|
|
|
|
|
|
|
Privacy panel recommends Section 702 restrictions
|
 |
|
Drew Angerer/Getty Images
|
The Privacy and Civil Liberties Oversight Board (PCLOB) has recommended restrictions on the expiring Section 702 surveillance program—a tool seen by some as crucial to national security, but criticized by others for infringing on American citizens' rights.
|
- The PCLOB was divided 3-2 on the proposed restrictions. The majority supported 19 recommendations, while the minority deemed the approach “deeply flawed.”
- Section 702 allows for warrantless collection of emails and calls of foreign targets, which can include communications with Americans.
- Critics have urged Congress to mandate a warrant for reviewing Section 702 data about Americans, a suggestion the PCLOB supports under certain conditions.
- While some argue that not reauthorizing Section 702 could harm national security, others point to instances where the program has been abused, such as its use on Black Lives Matter protesters.
|
|
|
|
|
|
|
|
Experts concerned about state sponsored DNA drives
|
 |
|
Getty Images
|
Connecticut police conducted a DNA drive earlier this month, inviting relatives of missing people to submit samples to aid in identifying human remains. But concerns have been raised about potential misuse of donors' genetic information.
|
- Participants were invited to donate genetic samples to the Combined DNA Index System (CODIS), a national database maintained by the FBI, as well as a commercial genetic database.
- While these drives can help solve missing persons cases, critics warn that commercial DNA databases are often utilized for purposes beyond identifying missing people—potentially infringing on privacy rights.
- The DNA drive was sponsored by various agencies including the University of New Haven, the Connecticut State Police, and the Office of the Chief Medical Examiner, and saw participation from a handful of families.
|
|
|
|
|
|
|
|
- Apple iOS 17 users are claiming privacy violations.
- George RR Martin is pressing charges against OpenAI.
- Disney fired 300+ employees in Beijing before a congressional data security meeting.
- Ryan Barker, former Chief Privacy Officer of Silicon Valley Bank, argues against law degrees as a qualification for CPOs.
- Massachusetts implemented a sports wagering data privacy law.
|
|
|
|
|
|
Signal threatens to quit UK over Online Safety Bill
|
 |
|
Bryce Durbin / TechCrunch
|
Citing concerns about users’ data privacy, Signal President Meredith Whittaker, reaffirmed her commitment to leaving the UK if regulators use the recently passed Online Safety Bill to force the company to build a “backdoor” in their end-to-end encryption (E2EE).
|
- Passed in September, the law could force Signal to build encryption backdoors, which contradicts the company’s commitment to minimal data processing and robust user privacy.
- Reiterating her company’s commitment to collecting “very, very little data,” Whittaker stated that Signal’s data collection is limited to phone numbers and last activity.
- Whittaker noted that, “We’re really worried about people in the U.K. who would live under a surveillance regime like the one that seems to be teased by the Home Office and others in the U.K.”
|
|
|
|
|
|
|
|
FTC sues Amazon in bid to end monopoly
|
 |
|
Shoshana Gordon/Axios
|
Co-signed by 17 state attorneys, the Federal Trade Commission (FTC) has filed an antitrust lawsuit against online retail giant Amazon—alleging the company uses unfair and illegal means to maintain its market hegemony.
|
- Other charges in the filing include overcharging sellers, quality degradation, and preventing fair competition.
- David Zapolsky, Amazon’s Senior Vice-President of Global Public Policy and General Counsel, called the lawsuit factually incorrect and credited the practices the FTC has called out with “spurring innovation” and “greater opportunities” for Amazon sellers.
- The FTC effort is being led by Chairperson Lina Khan, who has been eyeing an Amazon enforcement action since law school.
|
|
|
|
|
|
|
Confidently deploy AI with Transcend Pathfinder
|
|
A first-of-its-kind solution for AI governance, Pathfinder gives your company the technical guardrails it needs to adopt new AI technologies securely and responsibly. Use Pathfinder to:
💡 Handle enterprise AI adoption with confidence
👁️ Gain real-time visibility into AI deployments
✅ Strengthen compliance
Pathfinder is currently only available in the exclusive early access phase for select enterprise partners. Learn more and join the waitlist below.
|
|
|
|
|
|
|
|
|
Snippets is delivered to your inbox every Thursday morning by Transcend. We're the platform that helps companies put privacy on autopilot by making it easy to encode privacy across an entire tech stack. Learn more.
|
|
|
|
You received this email because you subscribed to Snippets. Did someone forward this email to you? Head over to Transcend to get your very own free subscription! Curated in San Francisco by Transcend.
|
|
|
|
|
|
