The Swiss-U.S. Privacy Shield framework, which outlines the transfer and protection of personal data of Swiss citizens to American companies (see 1701110012) similar to the EU-U.S. Privacy Shield, launched its self-certification process, said Commerce Secretary Wilbur Ross in a Wednesday evening news release. He said the agreement will support U.S. economic growth and called it a "prime example" of the department facilitating data flows and high privacy standards to ensure a strong foundation for the digital economy. Nearly 2,000 companies have self-certified under the EU-U.S. agreement, which opened for business in August. The first review will occur in September and some EU officials have expressed serious concerns about that framework (see 1703310003 and 1704060013).
Customs and Border Protection seized counterfeit mobile phone accessories March 14 at the Charleston seaport that would be worth about $1.1 million if legitimate, the agency said on Tuesday in a news release. CBP said the merchandise, which included phone cases, chargers, cables and headphones, "arrived into the port from China and was destined for upstate South Carolina." Some 38,000 counterfeit power adapters with FCC marking, "signifying they’d been tested in an accredited FCC laboratory and met certain operating standards," were also seized, said CBP. "These were found to be unauthorized markings as well -- a potentially significant safety risk to unwitting consumers."
The SEC won't enforce a rule that requires companies to declare when products aren't conflict mineral free, the Corporation Finance Division said. It follows a U.S. District Court for the District of Columbia ruling that the requirement violates the First Amendment. The SEC will now decide how to implement the Dodd-Frank Act provisions that mandated conflict minerals reporting. "In light of the … regulatory uncertainties, until these issues are resolved, it is difficult to conceive of a circumstance that would counsel in favor of enforcing Item 1.01(c) of Form SD,” Acting SEC Chairman Michael Piwowar said Friday. Last week, a tech group sought reporting changes, at a hearing (see 1704070017).
Chinese “nation-state threat actors” breached the National Foreign Trade Council’s (NFTC’s) website between Feb. 27 and March 1, using a link leading to a remote script that would launch when anyone visited certain pages on the website, Fidelis Cybersecurity said. Fidelis first observed the “inject” on the registration page for an NFTC board meeting in Washington scheduled for March 7, the firm said. The remote script was the “Scanbox framework,” a web reconnaissance tool exclusively known in the research community to have been used by bad actors working with or sponsored by the Chinese government, Fidelis said. It's “highly probable” that the hack targeted private sector players involved in lobbying on U.S. foreign trade policy, the company said. The NFTC didn’t comment.
21st Century Fox's buy of Sky will cause only a limited increase in Sky's power in the TV content market, so the deal is getting European Commission regulatory approval without conditions, the EC said in a news release Friday. It said the two largely operate in different European markets and compete only in acquiring TV content and in the wholesale supply of basic pay-TV channels. The EC said its review decided Fox/Sky audience share would be too limited for Fox to be able to restrict Sky's competitors' access to video content, and Sky's unlikely to quit buying content from Fox competitors because of the quality of Sky's product. Having received EC approval, Fox said in a statement Friday, it's "confident that the proposed transaction will be approved following a thorough review process" by the U.K.
BSA|The Software Alliance and the Coalition for Responsible Cybersecurity (CRC) praised the U.S. government Friday for working in annual negotiations on implementation of the multinational Wassenaar Arrangement export control rules to clarify and revise language on the export of intrusion software and IP surveillance systems. U.S. officials faced pressure to renegotiate Wassenaar language viewed as having a chilling effect on U.S. cybersecurity firms (see 1507220082, 1507240054 and 1702130031). “Requiring cybersecurity practitioners to obtain export control licenses prior to performing even basic remediation efforts is a recipe for disaster,” said BSA Policy Director Christian Troncoso in a news release. “Unless the Wassenaar Arrangement controls are meaningfully narrowed, network defenders will face significant time delays in their ability to respond to constantly evolving threats.” BSA and CRC also urged Wassenaar signatories to engage with stakeholders to “craft meaningful changes to the controls on 'intrusion software,' take seriously the concerns ... and commit to renegotiating the flawed provisions to ensure that global cybersecurity is not put at risk.”
Concerned about U.S. government surveillance activities and sharing of private data, the European Parliament (EP) passed a resolution 306-240 directing the European Commission "to conduct a proper assessment" of Privacy Shield. "This resolution aims to ensure that the Privacy Shield stands the test of time and that it does not suffer from critical weaknesses," said EP Civil Liberties Committee Chairman Claude Moraes in a Thursday news release. He said there have been significant improvements over the invalidated safe harbor agreement, but problems remain that need to be "urgently resolved to provide legal certainty" for EU citizens and businesses. EU Justice Commissioner Vera Jourová met with Trump administration officials about U.S. tasks and commitments to Privacy Shield (see 1703310003). The first review of the trans-Atlantic data sharing framework will occur in September. Parliament said it's concerned about new NSA rules that allow it to share intercepted private communications collected without a warrant or congressional authorization with 16 other intelligence agencies. The EP also pointed to the NSA and FBI directing Yahoo to conduct surveillance activities in 2015 (see 1610050038), a year after presidential policy directive 28 limited collection and processing of data. Other concerns Parliament cited include the recent repeal of FCC ISP privacy rules (see 1704040059), vacancies at the Privacy and Civil Liberties Oversight Board (see 1612270051), the need for increased independence of the ombudsperson in the State Department (see 1703290015) and more effective judicial redress for EU citizens beyond the framework's principles and U.S. government letters.
The World Customs Organization said a recent U.S. increase in e-commerce considered de minimis in trade rules spurred challenges in global trading. The continuous increase in online trading necessitates a broad, international customs approach to deal with regulation, consumer protection, revenue collection and national security, WCO reported. Technological solutions are developing to address e-commerce challenges, with automated systems. The WCO launched an e-commerce site for related information, including ongoing work of the WCO’s multistakeholder Working Group on E-Commerce, the WCO said Friday.
If the Trump administration pushes through a renegotiation of the North American Free Trade Agreement, it should be mindful of implications for telecom, said Stuart Brotman, nonresident senior fellow at the Brookings Institution, in a blog post. The telecom provisions have probably done more good than harm, Brotman wrote Friday. “They include a ‘bill of rights’ for providers and users of telecommunications services that cover access to public telecommunications services; connection to private lines that reflect economic costs and availability of flat-rate pricing; and the right to choose, purchase, or lease terminal equipment.” One approach would be to take the telecom provisions off the table, but a better path might be to expand their scope to focus on trade barriers, Brotman said. “Barriers such as international roaming rates for mobile calls, restrictions on cross-border transfer of digital information (such as electronic payments and digital signatures), and the forced localization of data centers have a detrimental impact on American companies,” he wrote. “The Trump administration would be well-advised to advocate for a broader bill of rights that adheres to the notion of freedom of choice. It should uphold the ability of U.S. companies to offer their world-class information services in Canada and Mexico. Such a position may be easier to gain in a renegotiated agreement since the other items on the NAFTA version 2.0 agenda (e.g., tariffs) undoubtedly will receive greater scrutiny and are likely to be far more contentious.”
The Office of the U.S. Trade Representative highlighted concerns about other countries' adoption of data localization laws and other barriers to digital trade, in its annual National Trade Estimate report Friday. Other identified digital trade barriers included restrictions on “digital products, Internet-enabled services, and other restrictive technology requirements,” USTR said. The office included a digital trade barriers section on every country included in the NTE. BSA|The Software Alliance praised USTR for including digital trade barriers. “Eliminating barriers that prevent BSA members and other US companies from providing their products and services around the world is critical,” said BSA President Victoria Espinel in a statement.