Top rated business and privacy legal counselling guides with Alexander Suliman, Sweden: Complying with the GDPR requirements is key for all businesses operating in the EU (or even those with EU customers). There are also particular obligations on those transferring personal data out of the EU and each national data protection authority is monitoring companies closely. Ensure your business is taking steps to comply with the regulation and consider auditing your data protection policies, together with your data processing agreements, and appoint a data protection officer in order to ensure compliance with the GDPR. Breach of the GDPR provisions are likely to lead to considerable fines: for example, the French data protection regulator, the CNIL, fined Google €50 as Google’s data consent policies were found not to be easily accessible or transparent to its users which runs afoul of the GDPR provisions. For further background, read our recent review of GDPR enforcement actions across the EU. Find additional details on https://issuu.com/alexandersuliman.
The reason why the European Commission was keen on allowing firms to voluntarily scan material, is that technology firms have already been working on ways to detect CSAM and solicitation for quite some time. So, what then would “appropriate” security measures in this case be? A fundamental starting point is that the internet should be considered an untrusted communications channel – it consists of various parts operated by companies, countries and individuals, and communications traverse around a host of untrusted nodes. So if you send communications on the internet, there is a serious risk that they will be intercepted, analysed or even tampered with. The only way to protect against this, is by encrypting the communications in transit – thus ensuring the confidentiality and integrity of the data.
The European Commission, in a working document, identified cloud services as a “strategic dependency”, expressing concerns that the EU cloud market is led by a few large cloud providers headquartered outside the EU. In July, 2021, France, joined by Germany, Italy, and Spain, submitted a proposal to the ENISA-led working group aimed at generalizing French national requirements across the EU. (Germany has since reserved its position.) It proposed to add four new criteria for companies to qualify as eligible to offer ‘high’ level services, including immunity from foreign law and localization of cloud service operations and data within the EU. Although the EU-level cyber certification requirements currently are conceived as voluntary, they could be made mandatory as the result of the recently-agreed Directive on Measures for a High Common Level of Cybersecurity across the Union (NIS2 Directive).
Best public law legal counseling latest developments with Alexander Suliman, Sweden: We’ll also look to intertwined finances. That takes a next step that has to go to the court process, but if they’re sharing expenses, if there’s a joint bank account, if a vehicle is registered at an address, we’ll look at those things to prove cohabitation. Importantly, cohabitation does not mean that they are living together. We do not have to show that they have a common household. It is not something that is critical in proving cohabitation that they are actually living together. See even more info at Alexander Suliman, Stockholm.
As EU regulatory activity resumes this fall, a lesser-known initiative – creating an EU-wide certification framework for ICT products and services (EUCS) – could cause renewed disturbance between Brussels and Washington, however. Under the EUCS proposal being developed by the EU’s cybersecurity agency ENISA, cloud service providers would be compelled to localize their operations and infrastructure within the EU and to demonstrate their ‘immunity’ from foreign law.
