National Security

European Parliament Calls to Suspend Privacy Shield

Written by

On the heels of the Committee on Civil Liberties, Justice and Home Affairs’ (LIBE) recent resolution, the full European Parliament on July 5 adopted a resolution calling for the suspension of the EU-U.S. Privacy Shield agreement if the U.S. fails to comply in full by September 1, 2018.  With a vote of 303 in favor and 223 opposed with 29 abstentions, the Parliament passed the resolution and stated concerns about the enforcement of the Privacy Shield framework and about U.S. surveillance and privacy law generally.  Regarding the resolution, LIBE Chair and rapporteur Claude Moraes said “[t]his [...] Read more

European Parliament’s Civil Liberties Committee Targets EU-U.S. Privacy Shield, Cloud Act

Written by

On June 12, 2018, the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs (LIBE) passed a resolution calling on the European Commission to suspend the EU-U.S. Privacy Shield unless the U.S. fully complies with the framework’s requirements by September 1, 2018.  With a vote of 29 votes in favor, 25 opposed, and 3 abstentions the LIBE passed the draft resolution calling on the European Commission to (1) ensure that the Privacy Shield fully complies with the GDPR and the EU charter so as to not create loopholes or competitive advantage for US companies; and (2) restart [...] Read more

DHS and FBI Issue a Joint Technical Alert with UK Warning Russian State-Sponsored Cyber Attacks

Written by

On April 16, 2018, the Department of Homeland Security (DHS), the Federal Bureau of Investigation (FBI), and the United Kingdom’s National Cyber Security Centre issued a joint Technical Alert (TA), alerting the worldwide cyber exploitation of network infrastructure devices by Russian state-sponsored cyber actors.  The TA explains primary targets to be government and private-sector organizations, critical infrastructure providers, and the Internet service providers (ISPs) supporting these sectors.  The affected systems include: Generic Routing Encapsulation (GRE) Enabled Devices; Cisco Smart [...] Read more

Irish High Court Refers Schrems 2.0 to the ECJ

Written by

On April 11, Justice Caroline Costello of the Irish High Court referred the Schrems 2.0 case to the Court of Justice of the European Union (ECJ) with 11 questions for the ECJ to answer. Per Justice Costello, the sole issue in the case is whether the European Commission’s Decisions regarding standard contractual clauses (SCCs) are valid, which is reflected in the 11 questions posed. The reference asks the ECJ to determine: Whether provisions of EU law related to national security, public security, defense, and state security apply to transfers of data outside the EU under SCCs; Whether [...] Read more

Supreme Court Hears Oral Argument in the Microsoft Ireland Case

Written by

On Tuesday, February 27th, the U.S. Supreme Court heard oral argument in United States v. Microsoft Corp. on whether a warrant issued under the Stored Communications Act (SCA) can compel the production of data stored outside the United States. Where Microsoft argues that the emails stored outside the United States also lie outside the reach of the SCA, the government contends that the SCA focuses on “classically domestic content,” and that Microsoft can be compelled within the U.S. to turn over records it controls regardless of where the data sought is stored. This case began in December [...] Read more

EU DPAs and the Future of Privacy Shield

Written by

The Article 29 Working Party group (WP29) of European data protection authorities recently announced that they will legally challenge the adequacy of the Privacy Shield Framework unless the U.S. government addresses certain “prioritized concerns” by May 25, 2018. Privacy Shield provides a framework which helps over 2500+ participating U.S. companies legally transfer EU personal data to the United States. The WP29 announcement follows a report and press release from the European Commission in October which stated that “the Privacy shield continues to ensure an adequate level of protection.” [...] Read more

Challenge to Privacy Shield Dismissed by EU General Court

Written by

In October of last year, we reported that digital rights advocacy group Digital Rights Ireland (“DRI”) had brought an action to annul the EU-U.S. Privacy Shield.  DRI filed its challenge before the General Court of the European Union, which is the court of first instance in the EU system with exclusive jurisdiction over challenges to the validity of EU legal acts.  Last week, the General Court dismissed DRI’s challenge, meaning that Privacy Shield remains valid and in force. DRI based its Privacy Shield suit on Article 263 of the Treaty on the Functioning of the European Union (TFEU), [...] Read more

Professor Peter Swire Publishes his Expert Testimony from Schrems 2.0

Written by

Peter Swire, Elizabeth and Thomas Holder Chair at the Georgia Tech Scheller College of Business and senior counsel at Alston & Bird, has made public his expert testimony from the landmark Irish High Court Case Data Protection Commissioner v. Facebook Ireland Limited & Maximillian Schrems. Under the Irish Court’s rules, Swire was asked to provide an independent opinion on U.S. surveillance law to assist the Court in its decision. Swire’s testimony highlights U.S. systemic remedies, U.S. individual remedies, Foreign Intelligence Surveillance Court oversight, and the broader implications [...] Read more

Fourth Circuit Court of Appeals Allows Wikimedia Upstream Suit to Proceed

Written by

On May 23, 2017, the Fourth Circuit Court of Appeals issued its opinion on Wikimedia foundation v. NSA/CSS. The Court vacated and remanded the NSA’s previously successful motion to dismiss Wikimedia’s Fourth and First Amendment claims against the NSA’s Upstream surveillance program, while a 2-1 majority upheld the dismissal of the eight other organizations joined as co-plaintiffs. The Court held that Wikimedia’s complaint contained sufficient factual allegations to determine Article III standing and that the District Court misapplied Clapper v. Amnesty International USA’s analysis of [...] Read more

President Trump Signs Long-Awaited Cyber Executive Order

Written by

On May 11, 2017, President Trump signed a long-awaited executive order on cybersecurity (the “Order”).  The Order directs executive agencies to complete a risk management report based on the NIST Cybersecurity Framework (the “Framework”) and also requires the Department of Homeland Security (DHS) and other agencies to undertake activities in support of effective cybersecurity risk management for operators of critical infrastructure.  More generally, the Order directs several agencies to submit reports to the President on a varied set of cybersecurity-related topics.  These measures demonstrate [...] Read more