Home Tags EU law

Tag: EU law

ICO boss calls for EU-style data protection rules post-Brexit

Plus ça change The UK’s new information commissioner reckons that a post-Brexit Britain should adopt data protection laws similar to those of, er... the EU. Elizabeth Denham made the comments during her first speech (transcript here) as UK information Commissioner at an event in London last week.

Denham said the EU’s General Data Protection Regulation (GDPR) directive will almost certainly come into force in the UK before Brexit is effected.
Something similar will be needed to replace it even after the UK leaves the EU, she argued. “The fact is, no matter what the future legal relationship between the UK and Europe, personal information will need to flow.
It is fundamental to the digital economy,” Denham said. “In a global economy we need consistency of law and standards.

The GDPR is a strong law, and once we are out of Europe, we will still need to be deemed adequate or essentially equivalent. “Whatever data protection law we have post-Brexit, I expect to see organisations taking responsibility for their actions, no matter how quick the technological change,” she added. The GDPR will introduce tougher breach disclosure rules and much higher fines for security screwups – of up to four per cent of a business’s annual turnover.

Denham put a positive spin on the tougher regulations, arguing that compliance ought to act as a catalyst for positive change. “We believe that future data protection legislation, post-Brexit, should be developed on an evolutionary basis, to provide a degree of stability and clear regulatory messages for data controllers and the public,” she explained. “GDPR is an incentive to improve your practices, to sharpen things up, and encourage organisations to look at things afresh. “Legislative change does bring nervousness, but it also brings opportunity.

These changes – stronger data protection law and enforcement – are aimed at inspiring public trust and confidence,” she concluded. Janine Regan, a data protection specialist at law firm Charles Russell Speechlys, said: “These comments from the ICO are not surprising; the digital single market is worth billions and streamlined EU data protection laws is a fundamental component of that.

Brexit from data protection will mean that the UK will lose significant influence over policy, strategy and a piece of the incredibly profitable digital single market pie. “The UK needs to mirror EU law post Brexit in order to be an effective place to offer data analytics, data centres and international data management services,” she added. ®

US sends nastygram to European Union over alleged Apple tax dodging

EnlargeSnow White, Disney Films reader comments 47 Share this story Apple's battle with the European Union’s competition watchdog has been backed by the US government, which on Wednesday waded into the complaint over the iPhone maker's tax arrangements. The US treasury warned in a white paper that Brussels' ongoing investigation into Apple’s tax deal with Ireland could “create an unfortunate international tax policy precedent.” On Thursday, the European Commission responded that there was “no bias” against US companies. After two years of investigations, antitrust chief Margrethe Vestager is expected to issue a decision on allegations of tax dodging by Apple in the autumn. The commission is considering whether the company used so-called “transfer pricing arrangements” to move profits around in order to avoid tax.
Ireland is implicated in letting Apple pay a tiny amount of tax.

Technically, this means that it may have benefited from illegal state aid. “Tax rulings may involve state aid within the meaning of EU rules if they are used to provide selective advantages to a specific company or group of companies,” the commission states. But the US treasury warned that Vestager's office was in danger of overstepping its bounds “beyond enforcement of competition and state aid law under the TFEU [Treaty on the Functioning of the EU] into that of a supra-national tax authority.” It said it was considering “potential responses should the commission continue its present course,” adding: “a strongly preferred and mutually beneficial outcome would be a return to the system and practice of international tax cooperation that has long fostered cross-border investment between the United States and EU member states.” Vestager has already ordered the payment of more than €20 million in back taxes from Starbucks and Fiat Chrysler over similar tax deals with the Netherlands and Luxembourg, and Ireland could be instructed to reclaim up to tens of billions of dollars from Apple. The US government's bean counters are worried about the crackdown, however: There is the possibility that any repayments ordered by the commission will be considered foreign income taxes that are creditable against US taxes owed by the companies in the United States.
If so, the companies’ US tax liability would be reduced. To the extent that such foreign taxes are imposed on income that should not have been attributable to the relevant member state, that outcome is deeply troubling, as it would effectively constitute a transfer of revenue to the EU from the US government and its taxpayers. Put another way, the US treasury appears to be saying: "we get to tax our multinationals, not the EU." Apple CEO Tim Cook has always denied any wrongdoing. The commission has also been pursuing a similar investigation against Amazon in Luxembourg and has warned that other cases may be on the way. “A substantial number of additional cases against US companies may lead to a growing chilling effect on US-EU cross-border investment,” the treasury hit back. On Thursday, the commission's spokesperson, Alexander Winterstein, said that it had taken note of the white paper, before drily saying that EU state aid rules have been in place for years. “With regard to the insinuation of bias, let me repeat what commissioner Vestager has been saying, which is that EU law and competition rules apply indiscriminately to all companies operating in Europe, whether they are big companies or small companies, whether they are companies that are European or companies from outside Europe.

There is absolutely no trace of a bias here,” he added. This post originated on Ars Technica UK

Euro cops, Intel and Kaspersky slay Shade ransomware

No More Ransom campaign kicks off A joint operation by Europol, the Dutch National High Tech Crime Unit, Intel, and Kaspersky has seized the command and control servers for the Shade ransomware strain and published code that allows anyone hit by the malware to decrypt their files. Shade has been in circulation since 2014, and has predominantly targeted European computer users. Once downloaded via an email attachment or unpatched browser, the malware encrypts the computer's files using a 256-bit AES (advanced encryption standard) key, and a second to encrypt the file names themselves. The command and control servers were identified and raided by police, and Intel and Kaspersky have worked to develop tools to disable the encryption system used and allow users to take back control of their data. Many thousands of computers are thought to be infected by the ransomware. "We, the Dutch police, cannot fight against cybercrime, and ransomware in particular, alone.

This is a joint responsibility of the police, the justice department, Europol, and ICT companies, and requires a joint effort," said Wilbert Paulissen, director of the national criminal investigation division of the National Police of the Netherlands. "This is why I am very happy about the police's collaboration with Intel Security and Kaspersky Lab.

Together we will do everything in our power to disturb criminals' money-making schemes and return files to their rightful owners without the latter having to pay loads of money." The announcement was made to kick off a new initiative between police and tech firms to fight the increasing scourge of ransomware.

Dubbed the No More Ransom initiative, the participants want to focus on attacking the control systems for ransomware infections and limit the ability of criminals to extort money via malware. "For a few years now, ransomware has become a dominant concern for EU law enforcement.
It is a problem affecting citizens and business alike, computers and mobile devices, with criminals developing more sophisticated techniques to cause the highest impact on the victim's data," said Wil van Gemert, deputy director of Europol's operations department. "Initiatives like the No More Ransom project show that linking expertise and joining forces is the way to go in the successful fight against cybercrime. We expect to help many people to recover control over their files, while raising awareness and educating the population on how to maintain their devices clean from malware." The initiative is asking those infected by ransomware to get in contact with the police before paying any funds to the infectors.

They will then work with victims to try and retrieve files and trace down the source of the infection before shutting it down. "The biggest problem with crypto-ransomware today is that when users have precious data locked down, they readily pay criminals to get it back," said Jornt van der Wiel, security researcher at Kaspersky Lab. "That boosts the underground economy, and we are facing an increase in the number of new players and the number of attacks as a result. We can only change the situation if we coordinate our efforts to fight against ransomware.

The appearance of decryption tools is just the first step on this road." The group is now looking for other tech companies to get involved. Microsoft would be a logical choice; given Redmond's campaign against botnet, which has had some success. ® Sponsored: 2016 Cyberthreat defense report

Ransomware Advice Service To Tackle Extortion Gangs

European police agency Europol is teaming up with cybersecurity companies in an initiative aimed at slowing an "exponential" rise in ransomware.The scheme revolves around a website that connects victims and police, gives advic...