View from Peter Lancos, CEO
"Welcome to eXate's Global Data Diaries. This week we will focus on the latest updates on cross border data transfer regulations and some interesting news regarding the same."
The European Union and the US government have reached an accord for a Privacy Shield 2.0 to substitute the original Privacy Shield Framework that was invalidated under the Schrems II decision in July 2020. This is seen as a promising step forward as companies strive for simple solutions to facilitate transfers of personal data from the European Economic Area (EEA) to the US in line with the requirements of the General Data Protection Regulation (GDPR).
On March 25th 2022, the White House announced the agreement in principle to establish a Privacy Shield 2.0. While adopting several elements of Privacy Shield 1.0, the new version will take extra actions to bound intelligence collection to areas where necessary to "advance legitimate national security objectives" and will install additional oversight for US intelligence agencies to protect privacy and civil liberties. All the details of Privacy Shield 2.0 are yet to be fully formulated and are in serious talks now.
With every new data regulation, comes difficulties. The main challenge will be for the EU and the U.S. is to demonstrate that the agreement provides for ‘effective legal remedies’ that can be exercised by EU data subjects in circumstances where their personal data is accessed by U.S. intelligence agencies, according to DLA Piper.
Privacy Shield 2.0 On The Horizon
The European Union (EU) and the United States (US) government have now reached an agreement in principle for a “Privacy Shield 2.0” to replace the original Privacy Shield Framework that was invalidated under the Schrems II decision in July 2020. This is a promising step forward as companies strive for straightforward solutions to permit transfers of personal data from the European Economic Area (EEA) to the United States in line with the requirements of the General Data Protection Regulation (GDPR).
Machine learning models could become a data security disaster
A team of experts from Google, the National University of Singapore, Yale-NUS College, and Oregon State University published a paper, called “Truth serum: Poisoning machine learning models to reveal their secrets”, which details how the attack works.
Discussing their findings with The Register, the researchers said that the attackers would still need to know a little bit about the dataset’s structure, for the attack to be successful.
Zoom adds new round of cyber security enhancements
Videoconferencing platform Zoom has made a new round of cyber security enhancements to its service, adding new third-party certifications and attestations, product innovations and updates to established programmes.