7 January 2016

This week’s update sees a relatively subdued start to 2016, with industry slowly emerging into the new year.

In Europe, developments were predominantly focused on the issue of cyber-security, with a range of stories featuring from across the continent. Of prominence was the announcement from the Netherlands that the Dutch Government will not follow the trend of weakening encryption for security purposes, and instead endorse the “importance of strong encryption for internet security to support the protection of privacy for citizens, companies, the government and the entire Dutch economy,”. With China and the US also considering the balance of introducing similar legislation such as seen recently through the Draft Investigatory powers Bill in the UK, 2016 will present an interesting space to watch for developments regarding encryption.

In a privacy context, he independent European data protection supervisor (EDPS) announced this week it is due to set up an external ethics advisory group to address concerns over surveillance technologies. The move was announced by EDPS head Giovanni Buttarelli. Significantly, he called for enclusive Europe-wide and global co-operation on the issue and recommended a review and bolstering of existing European Union (EU) standards for the protection of human rights.

In the US, cyber-security and cyber-privacy also dominated the headlines, with two security stories being of particular interest. The first of those being that a quasi-governmental U.S. electric industry group last week advised members to review network defenses following reports regarding a cyber-attack which resulted in 80,000 customers of a Western Ukraine utility provider losing service for 6 hours. 

Secondly, and of equal note, Washington Governor Jay Inslee this week signed an executive order to create a state Office of Privacy and Data Protection, and announced cybersecurity collaboration with the U.S. Department of Homeland Security. The move is targeted at ensuring the state’s office of cyber-security will work even more closely with Homeland security in order to find new ways for states to "defend against increasingly sophisticated and targeted cyber threats."

From a privacy angle, it was revealed this week that despite previous promises made to curb spying on the leaders of U.S. allies, the White House has persisted in keeping tabs on some heads of state, including the Israeli Prime Minister, Benjamin Netanyahu. Sources quoted stated that President Obama had offered a justification for the activities concerned as a matter of “compelling national security purpose”.

In Asia, net neutrality was high on the agenda, with a row erupting in India over the recently introduced Free Basics initiative by Facebook. The TRAI has set a deadline of February 7th for the submission of views related to the service, notably however, the campaign has engendered increased activity from net neutrality campaigners in the country both on and off line. 

Also of considerable interest was China’s passing of new legislation in the form of a new anti-terrorism law, legislation which had been previously opposed by business groups, President Obama and human rights organisations. The new law will require companies to turn over user data and assist Chinese police or security agents with decryption in terrorist investigations and related cases.

Elsewhere, and of note, BIMCO released the first set of cyber-security guidelines for the global shipping industry and Zimbabwe announced plans to start a new project to support adoption of research data management and sharing services among government, universities and research institutions as part of its plans to pave the way for a nationwide open access mandate.

Finally, from a Global Institution perspective, the European Parliament this week informally agreed to replace the EU Data Protection Directive from 1995 with new comprehensive privacy legislation called the General Data Protection Regulation backed by 48 votes to 4, with 4 abstentions. Once ratified, the GDPR will become law in 2018 across all 28 EU Member States and will take over from the current laws EU Member States implemented in order to comply with the data protection requirements set out in the Directive.