Biden’s Privacy Shield 2.0 order unlikely to satisfy EU • The Register

In short An executive order signed by President Biden on Friday to establish new rules for how the United States and Europe share people’s private personal information may still fall short of the EU’s wishes, says the privacy advocate who had the previous regulations thrown out in court.

The executive order is designed to codify agreements the EU and America reached earlier this year that would reinstate the Privacy Shield, albeit version 2.0 of it. It is a framework that defines how, when and what citizen data is sent abroad, between Europe and America.

The new framework addresses concerns raised in a 2020 case known as Schrems II, named after Max Schrems, the Austrian privacy activist who took the case to the Court of Justice of the EU (CJEU). Schrems II overturned the Privacy Shield, in part because EU citizens did not have the right to ask the US government if they felt their data had been improperly collected.

Biden’s order addresses these issues by limiting how signals intelligence can be collected by U.S. spy agencies and placing the collection of information behind multiple layers of conditions, including ensuring that only narrowly tailored data is collected.

The new framework also sets up a Data Protection Review Court made up of non-government employees to hear cases from EU citizens, provided their complaints are first referred to the Civil Liberties team from the Office of the Director of National Intelligence for review.

That said, Schrems says Biden’s order is unlikely to satisfy EU law, and he should know that — he killed previous versions. According to Schrems, while some terms may have changed in the new agreement, the EU and US still don’t appear to define certain terms, such as “proportionate”, in the same way.

“Ultimately, the CJEU definition will prevail, likely killing any EU decision again. The European Commission is once again turning a blind eye to US legislation, to allow spying on Europeans to continue,” Schrems said.

NOYB, Schrems’ privacy organization, said in its response to Biden’s EO that the Data Protection Review Court is not a real court as legally defined by US law, and criticized the number of appeals for EU citizens, saying there was no additional guarantee they would be heard beyond previous frameworks.

The bottom line? This one probably won’t hold up and could give Schrems a hat trick. “At first glance, it seems that the fundamental issues have not been resolved and sooner or later it will come back to the CJEU,” Schrems said.

The UK and US reached a data sharing agreement earlier this week.

Albania assesses NATO response to Iranian cyberattacks

Iran’s cyberattacks against Albania last summer were so serious that the Albanian prime minister actually considered invoking NATO’s mutual defense pact for the first time following a cyber incident.

In an interview with Politico, Prime Minister Edi Rama said he decided not to invoke Article Five to avoid risking an escalation. “I have too much respect for our friends and allies to tell them what to do… We are always very careful to be very humble in our assessments,” Rama said.

The July attack came just months after the Albanian government shut down many offices in favor of online services. Albania severed ties with Iran after the attack and faced another round of cyberattacks in September that were also believed to come from Iran. The United States has since sanctioned Iran’s intelligence agency for the attacks.

Rama did not invoke Article Five, but by mentioning the possibility, he opened the door for other NATO leaders to consider it as well. As for what this might entail, it is worth consulting the joint communiqué issued by the heads of 30 NATO states in July 2021, in particular paragraph 32, which discusses NATO’s commitments regarding cyberattacks.

“A decision as to when a cyberattack would lead to the invocation of Article 5 would be made by the North Atlantic Council on a case-by-case basis…If necessary, we will impose costs on those who harm us. Our response must not be limited to the cyber domain,” the alliance leaders said.

Facebook reports 402 fraudulent phone apps found on Android and iOS

When it comes to logging into apps with your Facebook credentials, beware. A report from the social media giant this week listed 402 apps found on Android and iOS app stores that contained malicious Facebook login prompts that stole users’ login credentials.

The apps are “disguised as photo editors, games, VPN services, business apps and other utilities,” Facebook said, and feature “Login with Facebook” prompts. As is the case with these types of scams, the entered credentials are immediately sent to the controller of the application.

Facebook said it reported the apps to Google and Apple, which removed all offenders before the report was published.

There are no prizes for guessing where most of the malware is: of the 402 apps listed in Facebook’s report, 355 can be found on Android and only 47 on iOS.

To make matters worse for members of the Google ecosystem, apps found by Facebook were all over the map on Android, with entries spanning the gamut of the categories mentioned above.

In Apple’s case, all malicious applications belonged to two types: business/page management applications and Facebook ad management software. Just avoid those, or avoid logging into apps using social media credentials, and you’ll be fine. ®