Biden Signs Executive Order to Facilitate Transatlantic Data Transfers
Last week, President Biden signed an executive order that would place limits on the personal data that U.S. intelligence agencies can access. The order comes, after drawn-out negotiations, as part of a new data sharing agreement with the European Union. After the demise of Privacy Shield, the EU and U.S. have struggled to come to an agreement about whether and how EU citizens’ personal data can be transferred out of the EU. A major sticking point has been the broad and uninhibited powers of U.S. intelligence agencies, and the EU’s concern that its citizens’ data would be exposed to intelligence agencies. According to Politico, Biden’s executive order “will create a new body within the U.S. Department of Justice that will oversee how American national security agencies are able to access and use information from both European and U.S. citizens. It will also give new powers to the civil liberties protection officials within the U.S. Office of the Director of National Intelligence, a body that oversees agencies’ work, to investigate possible breaches of people’s privacy rights.”
Study Finds Flaws in Deidentification Methods
University of Chicago computer scientist Aloni Cohen has released a new paper detailing the flaws in one of the most popular methods for data deidentification, k-anonymity. According to UChicago, “Deidentification works by redacting quasi-identifiers – information that can be put together with data from a second source to de-anonymize a data subject. Failing to account for all possible quasi-identifiers can lead to disclosures.” Cohen described a new kind of attack called “downcoding” that can re-identify anonymized data sets: “In one famous example, researchers took deidentified Netflix viewing data and combined it with data from the online movie review site IMDB, identifying users in the first data set by when they logged reviews of the movies they had recently watched.”
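As an added illustration (not code from Cohen's paper or the UChicago article), the Python audit below measures k for a constructed data release and shows how leaving one quasi-identifier out of the check hides a record that is unique. The column names, rows and the choice of `admit_month` as the overlooked quasi-identifier are assumptions made for the example.

```python
from collections import Counter

# Constructed sample release: names removed, ZIP truncated, age bucketed.
RELEASE = [
    {"zip": "606**", "age": "30-39", "sex": "F", "admit_month": "2022-01", "dx": "asthma"},
    {"zip": "606**", "age": "30-39", "sex": "F", "admit_month": "2022-01", "dx": "diabetes"},
    {"zip": "606**", "age": "30-39", "sex": "F", "admit_month": "2022-03", "dx": "flu"},
    {"zip": "606**", "age": "40-49", "sex": "M", "admit_month": "2022-02", "dx": "asthma"},
    {"zip": "606**", "age": "40-49", "sex": "M", "admit_month": "2022-02", "dx": "flu"},
    {"zip": "606**", "age": "40-49", "sex": "M", "admit_month": "2022-02", "dx": "diabetes"},
]

# Quasi-identifiers the (hypothetical) data owner accounted for.
DECLARED_QI = ["zip", "age", "sex"]
# The same set plus a column that an outside source could also know.
FULL_QI = DECLARED_QI + ["admit_month"]


def equivalence_classes(rows, quasi_identifiers):
    """Count how many rows share each combination of quasi-identifier values."""
    return Counter(tuple(r[q] for q in quasi_identifiers) for r in rows)


def k_of(rows, quasi_identifiers):
    """Return k: the size of the smallest equivalence class in the release."""
    return min(equivalence_classes(rows, quasi_identifiers).values())


def singled_out(rows, quasi_identifiers):
    """Return rows whose quasi-identifier combination is unique (class size 1)."""
    classes = equivalence_classes(rows, quasi_identifiers)
    return [r for r in rows
            if classes[tuple(r[q] for q in quasi_identifiers)] == 1]


if __name__ == "__main__":
    print("k with declared quasi-identifiers:", k_of(RELEASE, DECLARED_QI))
    print("k once admit_month is counted:   ", k_of(RELEASE, FULL_QI))
    for row in singled_out(RELEASE, FULL_QI):
        print("unique record, sensitive value exposed:", row["dx"])
```

A release that passes this check is k-anonymous only with respect to the columns listed, and the paper described above argues that k-anonymity itself has flaws, so a passing result is a minimum bar rather than a guarantee.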
Australia Reveals New Privacy Rules
Last week, Australia proposed a slew of consumer privacy rules following the massive breach of telecoms giant Optus. The changes to Australia’s privacy rules will allow the government to share state-issued IDs with banks in order to implement enhanced monitoring for customers that have fallen victim to data breaches. The changes also include increased fraud monitoring throughout the financial system, and new data deletion and “purposeful processing” standards.
Philippines Moves to Register SIM Cards
President Ferdinand “Bongbong” Marcos Jr. signed a measure on Monday that would require all SIM cards to be registered with the name and address of their owner. Under the SIM Card Registration Act, sellers of SIM cards will now have to require a valid photo ID. Marcos noted a need to crack down on SIM card-related crime, but Yahoo cites the scientists’ organization AGHAM – Advocates of Science and Technology for the People, which said that the measure “will ‘disenfranchise’ millions of cellphone users especially marginalized communities due to lack of resources to register their SIM cards.”