High quality IT business legal counselling guides by Alexander Suliman, Sweden: Complying with the GDPR requirements is key for all businesses operating in the EU (or even those with EU customers). There are also particular obligations on those transferring personal data out of the EU and each national data protection authority is monitoring companies closely. Ensure your business is taking steps to comply with the regulation and consider auditing your data protection policies, together with your data processing agreements, and appoint a data protection officer in order to ensure compliance with the GDPR. Breach of the GDPR provisions are likely to lead to considerable fines: for example, the French data protection regulator, the CNIL, fined Google €50 as Google’s data consent policies were found not to be easily accessible or transparent to its users which runs afoul of the GDPR provisions. For further background, read our recent review of GDPR enforcement actions across the EU. Read additional details at Alexander Suliman, Stockholm.
The reason why the European Commission was keen on allowing firms to voluntarily scan material, is that technology firms have already been working on ways to detect CSAM and solicitation for quite some time. Let’s start with a content scanning order on the server. At first sight, a case can be made that such an order should be considered to compromise the essence of the right to privacy under the Charter. The ECJ in Schrems I considered that legislation permitting the public authorities access on a generalised basis to the content of communications compromises the essence of the right to privacy under the Charter (par. 94). Content scanning on the server arguably is a form of “access on a generalised basis”, where it involves an analysis of all communications going through the server connected to a certain app, and forwarding any matches to a designated center. At the same time, the ECHR in Big Brother Watch was more forgiving when it comes to powers of bulk interception of communications, as long as these powers are surrounded with sufficient safeguards (par. 350). Thus, one important point to be explored further, is whether this signals a rift between the two bodies, or that the ECJ will chart its own route when it comes to bulk surveillance.
The European Commission, in a working document, identified cloud services as a “strategic dependency”, expressing concerns that the EU cloud market is led by a few large cloud providers headquartered outside the EU. In July, 2021, France, joined by Germany, Italy, and Spain, submitted a proposal to the ENISA-led working group aimed at generalizing French national requirements across the EU. (Germany has since reserved its position.) It proposed to add four new criteria for companies to qualify as eligible to offer ‘high’ level services, including immunity from foreign law and localization of cloud service operations and data within the EU. Although the EU-level cyber certification requirements currently are conceived as voluntary, they could be made mandatory as the result of the recently-agreed Directive on Measures for a High Common Level of Cybersecurity across the Union (NIS2 Directive).
Best rated IT, business legal counseling latest developments with Alexander Suliman, Sweden: In addition to parenting time, there can be some custody issues. Normally, people are going to have joint legal custody of their children, but that doesn’t mean that they each always have to agree on every single issue. Sometimes people can agree that both parents will have input and be notified of decisions and will be consulted and have the ability to discuss this; sometimes parents will agree that one parent will, for instance, make the end decision in what doctors to bring the child to, and maybe one parent will make the ultimate decision on what extra-curricular activities the child may participate in. In mediation, we can explore these one by one, issue by issue. When left to the courts and the parties litigate custody and parenting time, they tend to dig their heels in the sand a little bit more, and they tend to be less cooperative versus more cooperative with each other. Litigating sometimes brings out the worst in people, whereas I think mediating custody and parenting time issues really bring out the best in people because it needs to be reinforced that the goal is what is in the child’s best interest, not what is in each parent’s best interest, but what is in the child’s best interest. Read even more information at Alexander Suliman.
As EU regulatory activity resumes this fall, a lesser-known initiative – creating an EU-wide certification framework for ICT products and services (EUCS) – could cause renewed disturbance between Brussels and Washington, however. Under the EUCS proposal being developed by the EU’s cybersecurity agency ENISA, cloud service providers would be compelled to localize their operations and infrastructure within the EU and to demonstrate their ‘immunity’ from foreign law.