Kenneth Propp

In the IAPP piece New EU data blockage as German court would ban many cookie management providers, Dan Felz and Peter Swire examine the potential EU-wide impacts of a Wiesbaden court decision prohibiting a cookie management provider from utilizing a U.S.-based service to collect data, regardless of whether such data had ever actually been transferred out of the EU. Although the decision was made at the interim injunction stage and could thus be modified if the case proceeds to trial, its [...]

In the Monday, December 20th Lawfare article titled Towards OECD Principles for Government Access to Data: Can Democracies Show the Way?, Theodore Christakis, Kenneth Propp and Peter Swire discuss the role that democracies can play in establishing trusted international standards for cross-border data flows.  Drawing upon documents made available by the Organization for Economic Cooperation and Development (OECD) as well as interviews conducted by the team with governments, institutions, corporate bodies and academic thought leaders in the field, the authors [...]

France’s national cybersecurity agency (known as ANSSI) is revising its cybersecurity certification and labeling program (known as SecNumCloud) to disadvantage—and effectively preclude—foreign cloud firms from providing services to government agencies as well as 600-plus firms that operate “vital” and “essential” services. If put into place without changes, it would essentially make it impossible for foreign cloud firms, or firms using services from foreign cloud firms, to be considered “trusted.” The regulation includes severe, China-like restrictions that force foreign firms to [...]

This post was originally published by the Centre for Information Policy Leadership (CIPL) as part of the series Perspectives on Privacy and Effective Data Use in the Global Digital Economy and Society, and is reprinted here with the permission of same. ​Along with other contributors to this symposium, I have devoted much of my professional life to privacy protection. Throughout my quarter-century in the privacy field, one recurring issue has been what sorts of institutions can serve privacy, while also meeting the [...]

What should be the boundaries of government-sponsored cybertheft and surveillance beyond national borders? To what extent do apps such as TikTok pose a national-security threat? Can the United States and European Union reach an agreement on transatlantic data flows that balances economic, privacy, and national-security concerns? These seemingly disconnected questions lurked in the background of the recent inaugural meeting of the EU-U.S. Trade and Technology Council. They all point to the difficulty of defining the proper scope of state power to access [...]

Update: On November 17, 2021, the Committee of Ministers of the Council of Europe adopted the Second Additional Protocol to the Budapest Convention. The Protocol is expected to be open to parties of the Convention for signature in May 2022.[59] ***** This November, the Council of Europe (CoE) hopes to finalize the adoption of the Second Additional Protocol to the Budapest Convention, in time for the 20th anniversary of the opening for signatures of the Convention in Budapest, Hungary.[1] The Convention when [...]