- American court rules that companies should hand over their customer's emails and other data, even if hosted on overseas servers.
- Proposals pose threat to American net neutrality.
- European Court rules that Member States can check if companies comply with consumer protection rules even if based in a different state.
This is ORG's Parliamentary Update for the week beginning 28/04/2014
If you are reading this online, you can also subscribe to the email version.
Consultations and departments
A full list of open consultations and Parliamentary events can be found on our Events
Department for business release survey results outlining effects of security breaches to UK businesses
The Department for Business, Innovation and Skills has published the results of their 2013 survey, asking businesses how information security breaches were affecting their work.
These were some of the major findings:
- 81% of large organisations and 60% of small businesses have had security breaches in the past year. Down from 86% and 64% respectively, from the year before.
- 600k - £1.15m is the average cost to a large organisation of its worst security breach of the year (up from £450 - £850k a year ago)
- 26% of respondents use the government's “the Ten Steps” guidance tool as protection against information security breaches (Gov.uk).
You can view the full report and executive summary online.
Contributions for international cyber security capacity building fund now open
The Foreign and Commonwealth Office has invited project bids for their international cyber security capacity building fund. The fund was announced by William Hague MP at the 2012 Budapest Cyber Conference and aims to fund the National Cyber Security strategy objectives (GOV.uk).
New director appointed for National Cyber Crime Unit
On the 25 April, Dr Jamie Saunders,was appointed as the new Director of the National Cyber Crime Unit. Prior to this appointment, Dr Saunders was the Director of International Cyber Policy for the UK Foreign and Commonwealth Office (NCA).
American data protection laws to be extended to non-US citizens
A report by senior advisor John Podesta, titled "Big Data and Privacy" has recommended to extend the 1974 Privacy Act to non-American citizens. Mr Podesta said work to apply the new rules would begin immediately and could come into effect within 12 months.
The announcements come as trade negotiations are underway between America and the European Union.
According to the Guardian's reporting, one EU official said they would be inquiring whether foreigners "now had rights of legal redress for breaches of data privacy carried out by US companies or government agencies" (The Guardian).
Proposed rules pose threat to US net neutrality
The Federal Communications Commission (FCC) is planning on proposing a new set of rules that would allow large companies to pay an extra fee to Internet service providers for faster 'internet lanes' that would send content (such as videos) much faster to their customers. Thus hampering Net neutrality.
However, the chairman of the FCC, Tom Wheeler, has denied there has been a 'turn around in policy'. The proposed rules would require the ISPs to show how they treat all internet traffic and whether they assign faster lanes to affiliated companies. They would also be required to act “in a commercially reasonable manner”(The New York Times).
ORG's Executive Director, Jim Killock said in Tech Week Europe “If the leaked proposals are true, they would effectively end Net Neutrality,” said Jim Killock, the executive director of the ORG. “If US ISPs allow companies to pay for a fast lane to consumers, it could prevent small businesses and start-ups from competing on the same terms as large corporations. This will both deter innovation and deny consumers choice.”
Law and Legal Cases
European Union court rules that states can monitor if companies comply with consumer protection rules
The Court of Justice of the European Union has ruled that states can monitor if companies supplying communications services in their country, are complying with consumer protection rules. This applies even when the company is established in another member state (New Europe).
You can view the judgement online (PDF).
American court rules customer data hosted on overseas servers should be turned over
American court rules that companies should disclose their customer's emails and other content, even if they're hosted on overseas servers, when issued a valid US search warrant. In the first case of its kind, the US court said that companies such as Google and Microsoft cannot refuse to disclose information (Reuters).
Our Executive Director commented on the developments in Value Walk “Given what we know about the extent of access to personal data from the Snowden revelations, this can only undermine customers’ confidence in US businesses even further. What we already know about surveillance now seems to be true for ordinary policing.”
ORG Media coverage
See ORG Press Coverage for full details.
- 2014-05-01 - International Business Times - Google U-turn on Email Scans Spreads Beyond Student Inboxes
- Summary: Quote by Jim Killock on Google's new policy to halt scanning student's emails.
- 2014-04-29 - The Guardian - US court forces Microsoft to hand over personal data from Irish server
- Summary: Quote by Jim Killock commenting on US court ruling, forcing companies to hand over customer information held in overseas servers.
- 2014-04-29 - Value Walk - Court In US forces Microsoft to hand over data from its foreign server
- Summary:Quote by Jim Killock commenting on US court ruling, forcing companies to hand over customer information held in overseas servers.
- 2-14-05-28 - PC Pro - Anger as TalkTalk porn filter blocks women’s rights website
- Summary: Quote by Jim Killock
- 2014-04-25 - Tech Week Europe - Controversial FCC Proposals Could “End Net Neutrality” In The US
- Summary: Quote by Jim Killock
- 2014-04-16 - Evening Times - We face barriers to free information access
- Summary: Mention on ORG Scotland