Connect with us


Is the European GDPR Incompatible With U.S. Privacy Law, Including the Recent U.S. CLOUD Act?



WASHINGTON, June 20, 2018 – Data privacy experts questioned the effectiveness of the European General Data Protection Regulation as a means of regulating international data privacy on the grounds that it may be incompatible with current U.S. policies.

At the 2nd Annual Transatlantic Symposium on information communications technology and policy, industry and policy experts joined to discuss transatlantic data privacy policies such as the GDPR and the 2018 U.S. CLOUD Act, or the Clarifying Lawful Overseas Use of Data Act.

At the event hosted by the Wilson Center, social media giant Facebook also came under attack for the company’s lack of clarity regarding its data privacy policies.

GDPR was approved for the EU in April 2016, with an enforcement date of May 25 2018.  The regulations enact numerous provisions designed to protect consumers’ data privacy, including informed consent, mandatory breach notifications, and right to be forgotten.

Though enacted in the EU, GDPR is likely to have far-reaching effects as it not only applies to companies based in the EU, but any global company that processes personal data of E.U. citizens. That’s how Silicon Valley giants such as Facebook and Google are snared by it.

GDPR is seen as the most massive, large-scale global data privacy regulation law yet.

U.S. CLOUD Act puts new rules on U.S. data use, and conflicts with GDPR

In the U.S., efforts to put new rules on data flow resulted in the CLOUD Act. The law was a response to legal process surrounding the Supreme Court’s consideration of Microsoft v. United States, regarding the U.S. government’s right to retrieve data from Microsoft in Ireland.

In March, Congress amended its laws governing the U.S. government’s power to access data stored overseas. In April, the Supreme Court dismissed the prior controversy as moot under the passage of the new law.

U.K. Regulatory Policy Committee Representative Jonathan Cave explained that the GDPR and CLOUD Act may not work together.

“There are still questions whether the two laws are at all compatible,” Cave said.

The CLOUD Act’s requirements to disclose, preserve, and back up data “conflicts with some of the fair information practice principles: For example, store as little as possible only for the purposes you collected it and for as short a time as possible,” Cave said.
“There are alternatives to this,” he said. “The law was not set up to make U.S. firms find themselves in violation of GDPR. So it is possible to quash an access request if the people involved are not U.S. citizens and if complying with the request would violate the law. But that’s a judicial decision: It’s not in the text of the law, and that is problematic from the European perspective.”

Technology companies profit off the gap between the economic value of private information

Glenn Ricart, founder and chief technology officer of the U.S. Ignite non-profit ground advancing high-bandwidth technology, said that tech companies profit off of the gap between the high economic value of private information and the very low price individuals put on the information.

“We are now building some major world economic companies on this arbitrage,” Ricard said, speaking of the gap. “So the privacy that we don’t realize in some cases we’re giving up is actually powering very powerful commercial organizations in lots of countries.”

“One of the things that we can do as an organization and a cooperation in the transatlantic sense is to think about what is the role of government in modifying [the inequality between the respective worth of private data|. In the EU there is a much larger attempt in trying to understand what that is, educate the populace, and provide some protections, put them into place. In the U.S. there’s … less of an inclination to go do that,” Ricart said.

Recent hearings involving Facebook CEO Mark Zuckerberg in the U.S. and in Europe came into the discussion regarding regulation, as Cave spoke of the dangers of “competition and competition policy.”

“My reading of Zuckerberg’s appearance before the European Parliament, and also before the Senate, is that it was a plea for regulation,” Cave said.

“If your behavior and your ability to act go at variance so that people don’t opt away from large data entities whose behavior they don’t like, then market forces won’t resolve the problem,” he said. “Regulation won’t resolve the problem either.” He advocated for a combination of the two instead as a viable solution.

According to Ricart, the Zuckerberg testimony “didn’t even get into the many ways in which Facebook uses sells, [and] trades information with lots of other countries, lots of other companies.”

“I think it’s that business being so far out in advance of general understanding–governmental understanding,” Ricart said. “We’re in catch up mode here.”


Big Tech

Big Tech Must Unite Against Russian Invasion of Ukraine, Just as America and EU

The head of the Center for European Policy Analysis said America and EU need to agree on Big Tech.



Photo of Alina Polyakova by Theadora Soter

WASHINGTON, March 4, 2022 — In the wake of Russia’s invasion on Ukraine on February 24, big tech companies are grappling with how to respond. And on Monday, many leading thinkers on the role of internet in society urged them to do more.

Technology companies in the Western world need to agree on an approach to handling misinformation regarding the invasion, said Alina Polyakova, CEO  of the Center for European Politics Analysis, speaking at the State of the Net conference here on Monday.

Polyakova’s plea came during a panel regarding the U.S. and EU relations at the annual Washington policy event that takes place during the week of the State of the Union address. She said that international tech giants were being forced to grapple with what role the might be able to play in response to the Russian invasion.

Platforms including Facebook, Google and Twitter have all significantly reduced Russian-backed ads. Meanwhile, YouTube, Meta’s Facebook and TikTok are blocking Russian media organizations, like RT and Sputnik, from using their platforms within the European Union.

But Polyakova said that tech giants shouldn’t be making these decisions without government help.

“If the United States and Europe are divided on the tech agenda front, then we’ll be divided on the values front. I think we need to start really pushing our governments to not leave companies fighting the large authoritarian states on their own,” she said.

Collective action by U.S. and EU, collective action by big tech

The implementation of aggressive sanctions, including banning many Russian banks from using the international payments system SWIFT on Saturday, demonstrated a united front, at least as Ukrainians began mounting their strong defense of their capital city Kyiv as Russian forces began attacks on the city on February 25 and Saturday.

Speaking on Monday, Polyakova said she was optimistic about the cooperation between the American and Europe, stating, “Hopefully the unity we’re seeing right now between Europe and the United States in response to Russia will be channeled into greater cooperation on this agenda as well.”

Still, the lack of a united front  by the big tech companies does create a disconnect, she said.

Twitter may flag a propaganda post from the Russian government, yet Facebook may not. That adds fuel to the fire of misinformation, Polyakova said: It hinders “our ability to counter disinformation across narratives on the online space.”

She urged general regulations of big tech. “We still don’t have just a basic, regulatory framework that will give companies some guidance on what they should or should not be doing,” she said.

Continue Reading


Openreach Partners With STL For Fiber Build

Openreach aims to get 20 million fiber-to-the-premise connections by later this decade.



Screenshot of STL's Ankit Agarwal via YouTube

April 14, 2021 – STL, or Sterlite Technologies Limited, announced Wednesday a partnership with Openreach, the United Kingdom’s largest digital network business to expand its “Full Fiber” broadband network across the UK.

STL, a global network designer from India, will provide millions of kilometers of fiber to develop Openreach’s goal of 20 million fiber-to-the-premise connections by late 2020s.

“This collaboration with Openreach strengthens a 14-year-old technology and supply relationship between the two companies and further reinforces STL’s commitment to the UK market,” the company said in a statement.

Openreach will use STL’s Opticonn solution, a fiber and cable build that the company claims offers better performance and faster installation, according to the release statement. The company will also utilize STL’s new celesta ribbon cable that boasts a capacity of up to 6,912 fibers, the statement added.

“Our Full Fiber network build is going faster than ever. We need partners like STL on board to not only help sustain that momentum, but also to provide the skills and innovation to help us go even further,” Openreach’s Kevin Murphy said in a statement. “We know the network we’re building can deliver a host of social and economic benefits – from boosting UK productivity to enabling more home working and fewer commuting trips – but we’re also trying to make this one of the greenest network builds in the world.”

Ankit Agarwal, CEO of connectivity solutions business at STL, said, “our customized, 5G-ready optical solutions are ideally suited for Openreach’s future-proof network requirements and we believe they will enable next-gen digital experiences for homes and businesses across UK. This partnership will be a major step towards our mission of transforming billions of lives through digital networks,” he said in a statement.

Openreach’s network now reaches 4.5 million premises, offering gigabit-capable connection through a range of competing providers on the network, and the company is building at a rate of about 42 thousand new homes and businesses a week, according to the release.

The UK parliament has set a goal to get 85 percent of UK homes and businesses access to gigabit-speed broadband by 2025. They reported that as of September 2020, 27 percent of UK premises received that connection speed, and 95 percent have access to “superfast broadband” which the government defines as at least 30 megabits per second download speed.

Parliament acknowledged that although “superfast broadband is sufficient for most household needs today, the demand for data-intensive services such as online video streaming is increasing and can push the limits of a superfast broadband connection. The coronavirus pandemic has further highlighted the need for widely available and reliable digital connectivity.”

STL is a sponsor of Broadband Breakfast.

Continue Reading


Privacy and ‘Right to be Forgotten’ Laws Complicate Rules for Global Reporting



Screenshot from the webinar

February 8, 2021 – When sharing content in any form, publishers need to understand the legality and impact of the content may have on foreigners, especially given the European Union’s privacy law, a panel of experts concluded at a Tuesday conference hosted by the American Bar Association.

The complexity of what is legal or illegal to publish has risen in light of continuing evolution in protecting peoples’ privacy rights.

Nowadays, some question whether the posting of mugshots in a newspaper might reveal personal bias, or promote a community of discrimination among its readers. Other news organizations have moved to take down archived stories of articles that might haunt the victims involved – otherwise known as the “right to be forgotten” – or even refrain from publishing minor crimes to protect privacy rights.

To further complicate the issue, what might be acceptable and perfectly legal to publish in one country may not be the same in another country, legal experts said at the ABA’s Communications Law Conference forum on February 2.

There are a few ways news organizations can accomplish this, said Lauren Fisher, chief legal officer at Vox Media.

When distributing content, news organizations can geoblock their audience  from sharing information widely that may run offside of foreign laws.

EU’s General Data Protection Regulation complicates global reporting

In comparing U.S. law with the EU’s stringent General Data Protection Regulation privacy law, Fisher said it would be best for a U.S. organization to have no physical or digital presence in the EU if it wants to avoid complying with GDPR requirements.

However, this is extremely difficult because the internet has no borders, and the dissemination of information online can hardly be contained.

The GDPR is crucial knowledge because it ensures U.S. companies are respecting trade agreements between the U.S. and the 27-country pact.

Relatively recently, U.S. companies have needed to ensure their audiences know precisely what is being done with the collected personal data. For example, GDPR-compliant websites now require users to transparently make clear that tracing cookies are being used. Other rules include explicit opt-in for data collection or tracking.

Difficult-to-square rules from country to country

And therein lies some of the complications: Publishing rules can vary significantly between countries.

For example, when trying to conform to EU rules, a newsroom in New York can be hamstrung by foreign privacy laws if an investigation it’s doing involves British citizens, said Randy L. Shapiro, global newsroom counsel for Bloomberg news. Reporters need to understand the legality of reporting such information, he said.

Similarly, publishing companies abroad must be aware of proper reporting rules. If a reporter from a global newspaper moves from the U.S. to the EU, their reporting practices may not be allowed through border security. This is so because it’s not just about foreign publishing issues — it’s also about domestic privacy concerns.

For example, in some jurisdictions sports athletes can sue if information about their drug test failure is leaked, on the grounds of invasion of privacy concerning medical records, said Mark Stephens, Partner at London-based

In other cases, said Gabriela Zanfir-Fortuna, senior counsel of the Future of Privacy Forum, it’s also about knowing which other countries are following GDPR rules.

Continue Reading

Signup for Broadband Breakfast

Twice-weekly Breakfast Media news alerts
* = required field

Broadband Breakfast Research Partner