What should be the boundaries of government-sponsored cybertheft and surveillance beyond national borders? To what extent do apps such as TikTok pose a national-security threat? Can the United States and European Union reach an agreement on transatlantic data flows that balances economic, privacy, and national-security concerns? These seemingly disconnected questions lurked in the background of the recent inaugural meeting of the EU-U.S. Trade and Technology Council. They all point to the difficulty of defining the proper scope of state power to access and exploit data—one of the defining governance challenges of our time.

Update: On November 17, 2021, the Committee of Ministers of the Council of Europe adopted the Second Additional Protocol to the Budapest Convention. The Protocol is expected to be open to parties of the Convention for signature in May 2022.[59] ***** This November, the Council of Europe (CoE) hopes to finalize the adoption of the Second Additional Protocol to the Budapest Convention, in time for the 20th anniversary of the opening for signatures of the Convention in Budapest, Hungary.[1] The Convention when created focused especially on addressing one category of crime, cybercrime, which often involved attacks from a foreign country.  By contrast, the past two decades have seen the “globalization of criminal evidence.”[2] Due to cloud computing and other developments, evidence relevant to the investigation of many sorts of crimes may be stored in a country other than the site of the crime.[3]  The new protocol has sought to address issues concerning investigation of these additional categories of crime.

In the article U.K.’s Post Brexit Strategy on Cross-Border Data Flows, CBDF Research Director Peter Swire provides insight regarding the recent announcements by the U.K. Department for Digital, Culture, Media & Sport (DCMS) and how these announcements intersect with Brexit and the decision of the Court of Justice of the European Union (CJEU) in Schrems II. In addressing this recent activity by the U.K. government, Mr. Swire provides insight into the recent developments between the U.S. and EU following Schrems II and the data flow challenges between the EU and the U.K.  Lastly, Mr. Swire offers a number of initial observations about the DCMS announcements and possible changes to cross-border data flows.

In “Avoiding the Next Transatlantic Security Crisis: The Looming Clash over Passenger Name Record Data,” Kenneth Propp examines how Passenger Name Record data may become another area for EU/U.S. negotiations about the handling of personal data.  In summary, the article states:

This post was originally published by about:intel, and is reprinted here with the permission of same. 11. June 2021 Recent reports of Danish intelligence cooperating with the U.S. National Security Agency in monitoring undersea cables in 2012-14 have briefly pushed Edward Snowden’s revelations back into the news, but the more significant development is change in the legal landscape for bulk surveillance on both sides of the Atlantic.  While the United States government has definitively discontinued a controversial telecommunications metadata collection program exposed by Snowden, European governments have received a mostly green light from the Court of Justice of the European Union (CJEU) to continue their own bulk metadata programs for national security purposes.  With transatlantic commercial data transfers endangered by the CJEU’s Schrems II judgment on U.S. surveillance law last year, it’s time to ask whether the transatlantic gulf in this area is still as big as commonly thought.

This post was originally published by the Atlantic Council in its New Atlanticist blog, and is reprinted here with the permission of the Council: Do continued EU data flows to the United Kingdom offer hope for the United States? - Atlantic Council. As the Biden administration and the European Commission “intensify” negotiations to re-establish a stable transatlantic data-transfer framework, Brussels separately is moving ahead to enable unrestricted data flows with two other major trading partners: the United Kingdom and the Republic of Korea.