Congress pressed to pass the Email Privacy Act

Along with Amazon, Dropbox, Facebook, Google, Yahoo and Wikimedia, more than 50 tech companies and tech institutes signed a letter in support of the Email Privacy Act passed earlier this year by the U.S. House of Representatives. Although they expressed scepticism about the desired reforms that were not pursued, the companies consider the bill a carefully negotiated compromise. The proposal intends to eliminate the “180-day rule” established by the earlier law, the Electronic Communications Privacy Act, signed into law in 1986, which until now has allowed email communications to be obtained without a warrant after 180 days with just a subpoena, which does not require a judge. Federal agencies like the Securities and Exchange Commission are against the bill. The bill is part of the vote on the National Defense Authorization Act (NDAA). The defence spending bill is expected to go into conference in the coming weeks and a final vote is expected later this year.

Link to the original article

Europe and Japan start adequacy decision procedure

Europe and Japan have reached one of the most important goals of mutual recognition in the area of privacy law, having considered each other’s system of protection as equivalent. Although the procedure has just been launched, reciprocal recognition of equivalent data protection systems will have a major impact on the data economy and foster the circulation of data. Data flows between countries have been in focus lately, as the GDPR requires strong proof of adequate protection from non-EU countries. The draft is expected to be approved, but this will require several steps, including the opinion of the European Data Protection Board.

The European Commission’s press release is available here

LabCorp fears massive data breach

On July 16 LabCorp, a healthcare diagnostics company, announced that suspicious activity detected on its information technology network led it to take certain systems offline as a preventive measure, to contain the activity and reduce the risk of a wider network breach. The response affected the full functioning of the system, including test processing and customer access. Although there is no evidence of unauthorized transfer or misuse of data, LabCorp has already notified the authorities and declared that it will cooperate in any investigation. Considering that the company processes the information of more than 2.5 million patients per week, the main concern is the possible exposure of millions of health records kept to provide diagnosis, drug development and technology-enabled solutions. In August 2017, the data of 1.2 million NHS patients was hacked.

A link to the form sent to the U.S. Securities and Exchange Commission is available here

The U.S. seriously endangered by cybercrime

Following the recent meeting between Presidents Trump and Putin in Helsinki, new doubts have emerged about the possible cybersecurity alliance that Trump tweeted about after a meeting held with Putin last year. In a speech on July 13, U.S. Director of National Intelligence Dan Coats said that “the warning lights are blinking red again, in the same way as they were months prior to September 2001”. Coats lists Russia, China, Iran, and North Korea as the worst offenders and calls Russia the most aggressive actor. Despite the meeting in Helsinki, there is still a growing distance between U.S. views on diplomacy and national security.

Find Coats’ declarations here (CNN article)

Find report on the cybersecurity alliance here (Reuters article)

Lithuania introduces new law on legal protection of personal data


On July 16 the new Lithuanian data protection law entered into force. Its 35 articles are mostly focused on the powers of supervisory authorities, the processing of employee data and national identification numbers. The law “applies to controllers and processors established in Lithuania, as well as to controllers following the Lithuanian law by virtue of the public international law”. With respect to businesses offering goods or services to, or monitoring the behaviour of, data subjects in the EU, the law applies only to those controllers and processors that have designated a representative in Lithuania. The new law comes more than a month after the May 25 deadline set by the EU.

The Lithuanian law on data protection is available here (in Lithuanian)