Europe’s Digital Watchdog Zeros In On US Tech

Uploaded on 2016-02-03 in NEWS-Cybersecurity News, GOVERNMENT-National, FREE TO VIEW, BUSINESS-Services-Law

Isabelle Falque-Pierrotin, empowered by Europe’s highest court, will be at the heart of efforts to police how digital data is transferred outside of the European Union.

The latest standoff between Europe and American tech companies runs through a quiet street just north of the Louvre Museum, past chic cafes and part of the French national library, to the ornate office of Isabelle Falque-Pierrotin.

From here, Ms. Falque-Pierrotin has emerged as one of the most important watchdogs for how companies like Facebook and Google handle the billions of digital bits of personal data, like names, dates and contacts, routinely collected on Europeans. Since 2011, she has been France’s top privacy regulator, and for the last two years, she has led a group of European data-protection officials. In those posts, Ms. Falque-Pierrotin has regularly agitated companies to better safeguard people’s data.

Her role will come into even sharper focus in the coming weeks. Ms. Falque-Pierrotin, empowered by Europe’s highest court, will be at the heart of efforts to police how digital data is transferred outside of the European Union, a central aspect of many European and American businesses. That role will be amplified even further if, as is now widely expected, American and European negotiators fail to reach a new data-transferring deal by Feb. 1.

The biggest American tech companies face intensifying scrutiny by European regulators, with — pressure that could potentially curb their sizable profits in the region and affect how they operate around the world.

One thing is clear, she says: The practices of American businesses, and tech companies in particular, are squarely in her sights.

“American companies do not have an immediate right to collect data on our citizens,” Ms. Falque-Pierrotin, 56, a blunt-speaking career civil servant, said recently in an interview, her voice increasingly animated. “If they are on our soil, then they need to live with the consequences.”

Greater oversight fell to Europe’s national data regulators in October, when the European Court of Justice annulled a 15-year-old pact known as safe harbor, which had allowed companies to move information freely between the United States and Europe. The judges ruled that Europeans’ data was not sufficiently protected when transferred to the United States.

Shortly after, the national regulators, led by Ms. Falque-Pierrotin, demanded that the European Commission and the Commerce Department reach a new deal by Feb. 1. Negotiators have been talking almost daily since October, including discussions in Brussels and Davos, Switzerland, in recent days. Still, they remain at loggerheads over how American intelligence agencies monitor Europeans’ digital profiles, according to several officials, who would speak only on the condition of anonymity.

Failure to find a compromise, company executives and officials warn, could disrupt billions of dollars of trade between two of the world’s largest economies. Nearly all major multinational companies, including manufacturers like General Electric and drug makers like Pfizer, routinely move customer and employee data between regions.

The biggest impact, though, will be felt by United States technology giants like Facebook and Google, which depend on reams of personal data from people’s social media posts, search queries and online purchases to fuel digital advertising businesses. Those efforts often lead to tensions in Europe, where privacy is considered as sacrosanct as freedom of speech.

Deal or no deal, Ms. Falque-Pierrotin is in a position to play a major role. If negotiators agree to a new pact, she and Europe’s other privacy watchdogs will help decide whether the new agreement meets the region’s tough standards. If no deal is reached, she could impose further restrictions on how data is transferred across the Atlantic when European regulators gather on Feb. 2.

“The French aren’t afraid to pick fights with companies,” said Max Schrems, an Austrian law student who brought the original case that upended the previous trans-Atlantic data-sharing agreement.

Ms. Falque-Pierrotin follows a long tradition of French officials promoting strict privacy rights. In 2014, her peers elected her to lead an increasingly powerful group of European privacy regulators, a position that she is the forerunner to retain when new elections take place.

After receiving degrees from some of France’s top business and civil service schools, Ms. Falque-Pierrotin has spent three decades leapfrogging among government agencies and state-sponsored nonprofits. In the late 1990s, though, she began focusing more on privacy and the digital economy. She joined France’s data-protection authority in 2004 and quickly rose within its ranks.
In person, Ms. Falque-Pierrotin comes across as soft-spoken and formal. But her advocates and targets alike say she can be tenacious, though fair-minded. In recent years, she has gained a reputation for taking on some of the world’s largest tech companies, including Google.

The search giant will again take center stage in the coming weeks when France’s data-protection watchdog is expected to fine the company for failing to comply with its interpretation of Europe’s “right to be forgotten” privacy ruling, according to two people with direct knowledge of the matter, who would speak only on the condition of anonymity. While such a move is a headache for a company like Google, the agency’s one-off maximum financial penalty of 150,000 euros, or about $160,000, is essentially a mere rounding error.

Max Schrems, an Austrian law student, brought the original case that upended the previous trans-Atlantic data-sharing agreement.

In a recent interview, Ms. Falque-Pierrotin said Europeans should have the right to ask Google to remove links about themselves from any search query worldwide. She declined to comment, though, about potential fines. A Google spokesman also declined to comment on the fines. Google has argued that the legal decision should apply only to European domains like Google.fr in France, and not to its global websites like Google.com.
Even with the confrontation with Google, French privacy experts say Ms. Falque-Pierrotin has regularly contacted local and international companies. She has often taken a less combative approach than other national watchdogs, they say, particularly those in Germany, where officials have often been quick to blame American companies for flouting local rules.

Ahmed Baladi, a lawyer at Allen & Overy who represented Google in a previous French data-protection case, said Ms. Falque-Pierrotin aggressively led her agency, known as the Commission Nationale de l’Informatique et des Libertés, or CNIL. “But her strategy also has focused on communication, not just enforcement,” he added.

That nuanced approach may prove handy as last-minute discussions about a new trans-Atlantic data-transfer agreement flounder.

National authorities may start legal proceedings, and potentially issue fines, against companies they think run afoul of Europe’s tough data-protection rules if a new deal is not reached.

Ms. Falque-Pierrotin, for instance, has already received complaints against several unnamed companies, though she is waiting until February before deciding whether to begin investigations into how certain companies move data from France to the United States.

Vera Jourova, Europe’s justice commissioner in charge of the European negotiating team, still thinks a new data-sharing agreement can be reached, but warns that “a deal will only be made if there’s an equitable approach in the United States” to safeguard Europeans’ privacy rights.

Bruce Andrews, the deputy secretary of the Commerce Department, dismissed Europe’s concerns, saying that the United States had already offered the European Commission a number of guarantees on how its citizens’ data would be treated.

“We’ve agreed to make major changes,” he said. “The U.S. takes individuals’ privacy very seriously.”

In December, Ms. Falque-Pierrotin sent letters to several American agencies, including the Commerce Department and the Federal Trade Commission, asking for meetings to discuss the current impasse. She received only a short response.

Not responding fully to Ms. Falque-Pierrotin’s entreaties may prove costly. Already, the French regulator and other European agencies have sent letters to international companies reminding them that the current mechanisms for transferring data are on shaky legal ground.

A number of digital-rights advocates, including Mr. Schrems, are also preparing new privacy cases if a data-transfer deal is not reached by Feb. 1.

That will most likely cause more problems for American tech giants, pushing Ms. Falque-Pierrotin and her European counterparts to consider new investigations and, eventually, fines. But her position on protecting personal data continues to appear unwavering.

“Does the US provide sufficient privacy guarantees?” she said. “Until now, the answer is no.”

NYT: http://nyti.ms/1S5l2ub

« The Dismal Sate Of Payment Data Security
The EU Wants To Organise The New Tech Economy »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

See how to use next-generation firewalls (NGFWs) and how they boost your security posture.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

HackRead

HackRead

HackRead is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends.

Telos

Telos

Telos offers cybersecurity solutions and services that empower and protect the world’s most security-conscious enterprises.

Cyfor

Cyfor

Cyfor provides digital forensics and eDiscovery in civil, criminal, intellectual property, litigation and dispute resolution investigations.

SGCyberSecurity

SGCyberSecurity

SGCyberSecurity is Singapore's No.1 Cyber Security portal. From this platform, you will be able to find useful articles, resources and connect with the security companies for your business needs.

Vaulto Technologies

Vaulto Technologies

Vaulto protects critical business processes that are conducted via the cellular network.

adaware

adaware

adaware is an award-winning security and privacy software provider, empowering users to connect with confidence.

CYQUEO

CYQUEO

CYQUEO is your professional partner and system integrator. We secure your organization against advanced cyber threats.

Open Connectivity Foundation (OCF)

Open Connectivity Foundation (OCF)

OCF is dedicated to ensuring secure interoperability ensuring secure interoperability of IoT for consumers, businesses and industries.

About Cyber Security.

About Cyber Security.

About Cybersecurity provides a galaxy-wide knowledge base of cybersecurity tactics and techniques derived from actual experience.

SOC.OS Cyber Security

SOC.OS Cyber Security

SOC.OS is an alert correlation and triage automation tool. It correlates and prioritises your alerts, boosting productivity, enhancing threat visibility and shortening mean time to respond.

xorlab

xorlab

xorlab is a Swiss cybersecurity company providing specialized, machine-intelligent defense against highly engineered, sophisticated and targeted email attacks.

Securix

Securix

SECURIX AG delivers holistic IT security solutions that are tailored to the specific challenges and requirements of your company.

Tech Seven Partners

Tech Seven Partners

At TechSeven Partners, we provide a full suite of cyber security solutions for your business including network monitoring, onsite and cloud backup solutions, HIPAA or PCI compliance.

ThreatFabric

ThreatFabric

ThreatFabric integrates industry-leading threat intel, behavioral analytics, advanced device fingerprinting and over 10.000 adaptive fraud indicators.

Trickest

Trickest

Trickest enables Enterprises, MSSPs, and Ethical Hackers to build automated offensive security workflows from prototype to production.

NMi Group

NMi Group

NMi Group is a global pioneer in mission-critical Testing, Inspection, Certification, and Calibration (TICC) services.