[CB20] Life After Privacy Shield – Will Data Transfer Laws Stop the World Doing Business? by Jonathan Armstrong

•

0 gefällt mir•152 views

This presentation will look at the history of the Schrems litigation and the recent ECJ case decision referred from Ireland. My film here gives some background https://bit.ly/pshielddead. This has been called the most significant litigation in the history of data transfer and involved an Austrian law student succeeding against the might of both Facebook and the US government. It’s a gripping story and one that I’ve followed for more than 6 years now but it has important lessons for global business. The talk will also look into the political difficulties facing data transfer from the EU to the US. We’ll then look at some additional questions posed by the judgment and the current political climate: - Will Trump build bridges? - How will this be resolved? - What does this mean for other jurisdictions including Russia and China? - What does this mean for Japan? - Can national security and data protection ever survive together? - Why has data transfer become so political? - How can corporations in Japan minimise their risk?

Präsentationen & Vorträge

@CorderyUK
Life After Privacy Shield –
Will Data Transfer Laws Stop
the World Doing Business?
Jonathan Armstrong
29 October 2020

@CorderyUK© Cordery 2020
History
• 2011 - Santa Clara lecture
• SAR to Facebook
• 2013 - Schrems makes complaint to DPC about Facebook
• July 2014 - Irish High Court refers Schrems I to ECJ
• October 2015 - Safe Harbor struck down
• November 2015 - Schrems II case appealed to Austrian
Supreme Court
• December 2015 - Schrems complains to DPC about SCCs
• July 2016 - Privacy Shield adopted
• July 2020 Privacy Shield struck down by ECJ (Switzerland
& Israel followed)
2

@CorderyUK© Cordery 2020
Will Trump build bridges?
3

@CorderyUK© Cordery 2020
Will Trump build bridges?
1. Unlikely?
2. Election year
3. Increased focus on security
4. Xenophobia (and Sinophobia)
5. Obama’s more compromising administration could not
provide a fix
4

@CorderyUK© Cordery 2020
Will this be resolved?
1. SCCs
2. Issue avoidance
3. Self-help by corporations
4. Reassuring words from European Commission
BUT:
1. Litigation (e.g. potential Amazon class action)
2. Regulators will act
3. Schrems IV!
5

@CorderyUK© Cordery 2020
What does this mean for Russia and China?
6

@CorderyUK© Cordery 2020
What does this mean for Russia and China?
1. Possibly greater scrutiny
2. However less commercial impetus
3. Increased issues for China native offerings e.g. TikTok
7

@CorderyUK© Cordery 2020
What does this mean for the UK after Brexit?
8

@CorderyUK© Cordery 2020
What does this mean for Japan?
9

@CorderyUK© Cordery 2020
What does this mean for Japan?
1. Greater focus on ‘adequacy’ (see e.g. 2/10/2020
announcement re higher fines)
2. Annual reviews by EU? (and UK?)
3. Possibility of greater scrutiny of activities of Japanese
security services (e.g. enquiry sheet system; Snowden
allegations e.g. XKEYSCORE & MALLARD)
4. Greater scrutiny of laws protecting data of non-Japanese
nationals from state surveillance (e.g. new PPC English
language helpline)
5. More prospect of pressure group activities
6. Class actions?
7. Greater role for InfoSec & Legal in decision making?
10

@CorderyUK© Cordery 2020
Can National Security and Data Protection ever survive
together?
11

@CorderyUK© Cordery 2020
How can organisations in Japan minimise risk?
12

@CorderyUK© Cordery 2020
How can organisations in Japan minimise risk?
1. Set out clear rules
2. Place strong emphasis on security
3. Look at Standard Contractual Clauses/Model Clauses
(SCCs)
4. Be prepared to explain limits on Japanese law
5. Look at other measures e.g. ombudsmen, notice of
requests for data
6. Look at future change – one man can change your
world
13

@CorderyUK© Cordery 2020
Resources
GDPR FAQs – www.bit.ly/gdprfaqs
GDPR Glossary – www.bit.ly/gdprwords
Privacy Shield (Schrems III Case) - https://bit.ly/pshielddead
Swiss Privacy Shield collapses - https://bit.ly/swisspshield
GDPR 2 Years On (Film) https://www.corderycompliance.com/gdpr-first-2-
year-part-1/
SCCE Article on GDPR 2 Years On - https://www.corderycompliance.com/2-
years-gdpr-security-breach-lessons/
GDPR, data transfer and investigations - https://bit.ly/gdprinvest
Facebook case - https://www.corderycompliance.com/ireland-dpc-halts-fb-
dating-service/
Film on brands in a crisis – www.bit.ly/levickfilm
Amazon litigation over Privacy Shield - https://bit.ly/berlindp
14

@CorderyUK@ Cordery 2020
Questions
Jonathan Armstrong
Partner
Cordery
T +44 (0)20 7075 1784
E jonathan.armstrong@corderycompliance.com
@armstrongjp

Weitere ähnliche Inhalte

Was ist angesagt?

Amicus curae roskomsvoboda_echr_kharitonov case

Sarkis Darbinyan

Preventing Abuse on Facebook During the 2018 US Midterm Elections, Facebook's...

mysociety

These slides explore significant issues arising under data protection for both users and platforms as a result of the publication of third party personal data on such sites. Although the GDPR’s new wording of the household exemption could potentially exclude non-intrusive processing (e.g. sharing innocuous pictures taken in public), the Court of Justice of the EU (CJEU) is increasingly insistent that users acquire responsibilities when the publish such data to an indeterminate number. In principle, most EU Data Protection Authorities (DPAs) accept this although others including the UK and Irish have been very resistant. Many users could therefore have weighty data protection obligations here, although if contributing to a collective public debate they may be covered by the journalistic/special expression derogation and in any case there is a need for a balance with freedom of expression. CJEU ʻjoint controllerʼ case law also points to social networking sites have their own duties here, a proposition which has been backed by Working Party, the UK DPA and the UK courts. Whilst the e-Commerce ʻhostʼ shield should significantly limit ex ante responsibility here, this must be tempered by the ʻduty of careʼ which is inherent in being a ʻcontrollerʼ under data protection. In sum, data protection in principle remains central to the regulation of ʻonline harmsʼ here although ensuring effective and well-balanced regulation in practice remains a formidable challenge. See further: “Intermediary Publishers and European data protection: Delimiting the ambit of responsibility for third-party rights through a synthetic interpretation of the EU acquis”, International Journal of Law and Information Technology (Vol. 26(3), pp. 189-225) (2018) - https://academic.oup.com/ijlit/article/26/3/189/5033541 “Beyond ʻHaving a Domesticʼ? Regulatory Interpretation of European Data Protection Law and Individual Publication”, Computer Law and Security Review (Vol. 33 (3), pp. 275-297) (2017) - Pre-print https://www.repository.cam.ac.uk/handle/1810/263883

European Data Protection and Social Networking

David Erdos

Personal Data in Russia

Adrien Henni

The EU’s General Data Protection Regulation (GDPR) is the most significant change to consumer privacy laws in decades and the enforcement date is approximately 1 month away. The standards for data collection and use in the EU will significantly differ from those in the United States. This session will breakdown the differences and discuss methods for compliance going forward. PRESENTER Gary Kibel, Partner, Davis & Gilbert LLP @GaryKibel

GDPR Is Coming – Are Emailers Ready?

MediaPost

scce-cep-2015-06-Dhont-1-04

Jan Dhont

These slides provide an overview of the personal data relationship between the UK and EU after Brexit. Under the Trade and Cooperation Agreement, the UK will have the closest connection with the EU here outside the European Economic Area and Switzerland. This is especially clear in the area of justice and security where there is very extensive provision for data exchange based on common standards. However, in the general area of data protection the framework only points to mutual adequacy. Even with the evolving formulation of this as “essential equivalence”, significant flexibility is retained and this may ultimately result in more substantive divergence than EU-Switzerland given the UK’s more distinct data protection approach. Common bona fide implementation of the Council of Europe’s Data Protection Convention 108+ may provide a good lodestar in the medium term and I very tentatively map out what this may could mean for default standards in the UK related to sensitive data and integrity and also specific substantive restrictions to ensure a more graduated approach and reconciliation with other competing rights.

The UK and EU Personal Data Regime After Brexit: Another Switzerland?

David Erdos

SUMMARY OF NEW IT RULES

Gajendra Singh Thakur

The GDPR takes affect on May 25, 2018, and you may need to make some changes to your website to stay in compliance or risk facing fines. The implications for most of us are likely minor, but some of our clients could have much greater needs. It's a complicated subject, so we'll big digging into: - What the GDPR really is - How it affects websites based in the US - What the penalties could look like - Tools and plugins to help you prepare

GDPR: Keep Your Website Out of Legal Trouble

Mickey Mellen

The frequency of data-related incidents could change with the impending General Data Protection Regulation (GDPR) – the EU’s law that comes into effect in May. The major update to the previous EU data protection law aims to regulate the use and treatment of an individual’s personal data. A new regulation means organisations that use data will need to be more careful and explicit with gaining consent. After May, companies that maintain poor data protection practices will not only be breaking the law, but could face a hefty €20 million fine or four per cent of a company’s annual turnover. Needless to say, the GDPR is a pretty big deal with even bigger consequences. Still, no need to panic. Here's everything you need to know about the GDPR.

Everything you need to know about the GDPR

Spoon London

To watch the full on-demand webinar recording please visit: https://info.truste.com/WB-2016-05-19-Insight-Series-Global-Privacy-Enforcement-Priorities_RegPage-OnDemand.html As the scope of EU law extends its reach globally, we are also seeing greater international regulatory co-operation. Whether it’s the FTC, the FCC or European DPAs - global privacy regulators are taking steps to prioritize and address top concerns that affect everyone on a global scale. In this on-demand webinar the speakers will: • Review the latest case law and enforcement actions from the last 12 months • Address the impact of the rise of activism and the role of individuals like Max Schrems who have forced legal changes • Provide their perspectives on future outcomes and how to keep your company out of the regulatory spotlight Register to watch this on-demand webinar now to to learn how to keep your company out of the regulatory spotlight: https://info.truste.com/WB-2016-05-19-Insight-Series-Global-Privacy-Enforcement-Priorities_RegPage-OnDemand.html

[Privacy Webinar Slides] Global Enforcement Priorities

TrustArc

FINAL REPORT

Martina Lindblad

Cyber risk challenge and the role of insurance

Munich Re

ESET Quick Guide to the EU General Data Protection Regulation

ESET

EU Privacy Shield - Understanding the New Framework from TRUSTe

TrustArc

Topics covered include: Key highlights of the new GDPR (General Data Protection Regulation) Who is affected ‘Privacy Shield’ proposals versus US-EU Safe Harbour framework Timeline for implementation and enforcement of GDPR What should you be doing to prepare for the new legislation Speaker line up Martin Hoskins, Associate Director at Grant Thornton UK LLP Matthew McGrory, Managing Director at Carrenza Ltd A business that is not GDPR compliant by May 2018 may face a fine of 4% of its annual turnover Reasons to attend This session delivered in partnership with Grant Thornton will give you the knowledge on how to ensure compliance with GDPR and avoid penalties and highlight what companies can do now in light of the new legislation; what types of cascade effects there will be on operations and businesses; the impact of the privacy shield; and further discussion on what Brexit means for the GDPR.

How will your business be affected and what you can do to stay ahead of the n...

Carrenza

General Data Protection Regulation: what do you need to do to get prepared? -...

IISPEastMids

Data Privacy and Security in the Digital age Ukraine - Patrick Bell

UBA-komitet

Legal Aspect of the Cloud by Giuseppe Vaciago

Tech and Law Center

In the event of Brexit, the UK will leave the EU Charter, the GDPR and related EU instruments. It will, however, remain committed not only to achieving EU ‘adequacy’ standard but doing this within the framework of Council of Europe’s Data Protection Convention 108+. These slides therefore explore the commonalities and contrasts between EU DP and Convention 108+. Both have a similar scope and common principles. However, Convention 108+'s transparency and sensitive data rules are considerably less stringent and there are many fewer compulsory controller discipline provisions. Whilst only modest change should be expected initially as the UK will essentially replicate the GDPR in the short-term, this less prescriptive and more flexible approach is likely to exert an influence on UK data protection should Brexit happen.

Comparing EU and Council of Europe Data Protection Standards in the Context o...

David Erdos

Was ist angesagt? (20)

Amicus curae roskomsvoboda_echr_kharitonov case

Preventing Abuse on Facebook During the 2018 US Midterm Elections, Facebook's...

European Data Protection and Social Networking

Personal Data in Russia

GDPR Is Coming – Are Emailers Ready?

scce-cep-2015-06-Dhont-1-04

The UK and EU Personal Data Regime After Brexit: Another Switzerland?

SUMMARY OF NEW IT RULES

GDPR: Keep Your Website Out of Legal Trouble

Everything you need to know about the GDPR

[Privacy Webinar Slides] Global Enforcement Priorities

FINAL REPORT

Cyber risk challenge and the role of insurance

ESET Quick Guide to the EU General Data Protection Regulation

EU Privacy Shield - Understanding the New Framework from TRUSTe

How will your business be affected and what you can do to stay ahead of the n...

General Data Protection Regulation: what do you need to do to get prepared? -...

Data Privacy and Security in the Digital age Ukraine - Patrick Bell

Legal Aspect of the Cloud by Giuseppe Vaciago

Comparing EU and Council of Europe Data Protection Standards in the Context o...

Ähnlich wie [CB20] Life After Privacy Shield – Will Data Transfer Laws Stop the World Doing Business? by Jonathan Armstrong

The enactment of the GDPR in May of 2018 established a new data privacy precedent around the globe. While the GDPR aims to regulate the entirety of personal data processing in Europe, its massive volume and scope stand out from other global data privacy initiatives. Since 2018, other countries and states have modelled their privacy regulations after the trailblazing standards set forth in the GDPR. Now, as the GDPR celebrates its 4th (or 6th?) Birthday, join our panel to dissect the impacts of the GDPR on data privacy and what the future holds. This webinar will review: - Is the GDPR 4 or 6 years old? - How has the GDPR advanced the data privacy industry? - What global changes have come as a result of the GDPR? - What’s next for personal data processing, international transfers, and enforcement of the GDPR?

TrustArc Webinar: Happy Birthday, GDPR! But Is It 4 Or 6 Years Old?

TrustArc

Patricia Ayojedi V SCTC day Cloud 24 feb16

Agustin Argelich Casals

Advanced Data Protection training for volunteers

Parkinson's UK

Spain is responsible for 80% of European Data Protection fines. (on page 3)

Aurélie Pols

The webinar covers: • What is Safe Harbour, and how companies were relied on it • How the end of it will affect US firms • What will happen next • How companies will react • The implications of this act • What is the solution to this Presenter: This session was hosted by Mr. Graeme Parker, Managing Director of Parker Solutions Group, a PECB representative in UK. Mr. Parker has more than 20 years of experience in information security, and data privacy, and was also involved with many companies that were relied on Safe Harbour. Link of the recorded session published on YouTube: https://youtu.be/cbPUTVtxem0

PECB Webinar: The End of Safe Harbour! What happens Next?

PECB

Cloud4eu - WhitePaper - OnChallengeofAcceptanceofCloudSolutionsinEUPublicSect...

John Nas

To date most of the focus on the Semantic Web has, quite rightly, been focused on the enabling technologies. However, as the technologies are becoming more mainstream, and as ever increasing volumes of Linked Data is produced, the implications of linking this data becomes more of an issue. This presentation highlights some of the current thinking as to the possible legal implications of linking data while discussing some solutions that are emerging.

Linking Data: The Legal Implications - SemTech2010

mleyden

GDPR. Don't Leave It To Lawyers!

WEBBED STAR

Cyber crime legislation part 1

MohsinMughal28

Privacy Laws in Europe

Martyn Ripley

There are some interesting developments in the world of case law. With so much focus on the CCPA enforcement date implications, many may have forgotten about the forthcoming decision in the Schrems II case, which could decide the fate of the Standard Contractual Clauses and the Privacy Shield for data transfers from Europe to the United States and elsewhere. At the same time, the European Commission is working on the evaluation of all EU adequacy decisions and encouraging various countries to update their data protection laws. As to cookies, the Planet-49 case last year put clear boundaries around the issue of cookie consent. What has happened with this ruling of the European Court of Justice and how does it impact cookie compliance around the world? Join us as we discuss the various international cross-border data transfer updates and how to navigate the potential significant changes. This webinar will review: -Implications of the Schrems II case decision -The status of Privacy Shield and next steps -European Commission adequacy re-assessment -EDPB Guidelines on Consent and the revised IAB Framework updates

The Court Speaks: Privacy Shield, Standard Contractual Clauses and Cookie Con...

TrustArc

On January 1 2021, the UK formally and effectively left the European Union. As a result, the EU GDPR no longer applies in the UK. Currently, the UK DPA 2018 sets out the data protection framework in the UK. Are you UK-DPA compliant? What are some of the expected data protection reforms from UK authorities? Join our panel in this webinar as we explore the current rules on transfers of personal data between the UK and the EU and how your company can comply. This webinar will review: - What the Brexit changes in terms of data privacy - The main differences between the UK-DPA and the EU-GDPR - How to become compliant in both the EU and the UK

TrustArc Webinar: UK's Post-Brexit GDPR Reforms

TrustArc

Companies, digital transformation and information privacy: the next steps

The Economist Media Businesses

The high level of media surrounding COVID-19 means attention has been taken away from other areas - as a result the media are making more mistakes than usual, and firms need to be extra vigilant. For instance, we had one Wall Street Journal headline this week which made it look like the affected firm was penalising redemptions with penalty fees – extremely damaging and extremely wrong! In these slides we will look at: What can be done to dial down the risk of a crisis in the first instance. How to prepare for a crisis. How to react when a crisis hits to prevent reputational damage.

Crisis communications in a COVID-19 world

Tom Wood

IT and Internet Law

DamaineFranklinMScBE

This is the quick guide of European Digital Rights where we discuss all the challenges in the ePrivacy Regulation proposal. From online and offline tracking, how to protect our conversations in OTT services, the need for collective redress, etc... In this guide we give a quick glance at all the challenges that we believe need to be taken into consideration by policy makers and other stakeholders during the ongoing debate. Relatively soon we will need the attention of the general public, and this talk is an attempt to make that happen.

20170624-Track or be tracked? The challenges of the ePrivacy Regulation

yasoiler

The Valetta Effect: GDPR enforcement for Gikii Vienna 14 Sept

Chris Marsden

Data protection may be sidelined as eu and us talk trade

John Davis

Social media, surveillance and censorship

lilianedwards

Cybersecurity Strategies - time for the next generation

Hinne Hettema

Ähnlich wie [CB20] Life After Privacy Shield – Will Data Transfer Laws Stop the World Doing Business? by Jonathan Armstrong (20)

TrustArc Webinar: Happy Birthday, GDPR! But Is It 4 Or 6 Years Old?

Patricia Ayojedi V SCTC day Cloud 24 feb16

Advanced Data Protection training for volunteers

Spain is responsible for 80% of European Data Protection fines. (on page 3)

PECB Webinar: The End of Safe Harbour! What happens Next?

Cloud4eu - WhitePaper - OnChallengeofAcceptanceofCloudSolutionsinEUPublicSect...

Linking Data: The Legal Implications - SemTech2010

GDPR. Don't Leave It To Lawyers!

Cyber crime legislation part 1

Privacy Laws in Europe

The Court Speaks: Privacy Shield, Standard Contractual Clauses and Cookie Con...

TrustArc Webinar: UK's Post-Brexit GDPR Reforms

Companies, digital transformation and information privacy: the next steps

Crisis communications in a COVID-19 world

IT and Internet Law

20170624-Track or be tracked? The challenges of the ePrivacy Regulation

The Valetta Effect: GDPR enforcement for Gikii Vienna 14 Sept

Data protection may be sidelined as eu and us talk trade

Social media, surveillance and censorship

Cybersecurity Strategies - time for the next generation

Mehr von CODE BLUE

It started with computer hacking and Japanese linguistics as a kid. Zach Mathis has been based in Kobe, Japan, and has performed both red team services as well as blue team incident response and defense consultation for major Japanese global Japanese corporations since 2006. He is the founder of Yamato Security, one of the largest and most popular hands-on security communities in Japan, and has been providing free training since 2012 to help improve the local security community. Since 2016, he has been teaching security for the SANS institute and holds numerous GIAC certifications. Currently, he is working with other Yamato security members to provide free and open-source security tools to help security analysts with their work.

[cb22] Hayabusa Threat Hunting and Fast Forensics in Windows environments fo...

CODE BLUE

Most 5G networks are built in fundamentally new ways, opening new hacking avenues. Mobile networks have so far been monolithic systems from big vendors; now they become open vendor-mixed ecosystems. Networks are rapidly adopting cloud technologies including dockerization and orchestration. Cloud hacking techniques become highly relevant to mobile networks. The talk dives into the hacking potential of the technologies needed for these open networks. We illustrate the security challenges with vulnerabilities we found in real-world networks.

[cb22] Tales of 5G hacking by Karsten Nohl

CODE BLUE

Printer has become one of the essential devices in the corporate intranet for the past few years, and its functionalities have also increased significantly. Not only print or fax, cloud printing services like AirPrint are also being supported as well to make it easier to use. Direct printing from mobile devices is now a basic requirement in the IoT era. We also use it to print some internal business documents of the company, which makes it even more important to keep the printer safe. Nowadays, most of the printers on the market do not have to be connected with USB or traditional cable. As long as you are using a LAN cable connected to the intranet, the computer can find and use the printer immediately. Most of them are based on protocols such as SLP and LLMNR. But is it really safe when vendors adopt those protocols? Furthermore, many printers do not use traditional Linux systems, but use RTOS(Real-Time Operating System) instead, how will this affect the attacker? In this talk, we will use Canon ImageCLASS MF644Cdw and HP Color LaserJet Pro MFP M283fdw as case study, showing how to analyze and gain control access to the printer. We will also demonstrate how to use the vulnerabilities to achieve RCE in RTOS in unauthenticated situations.

[cb22] Your Printer is not your Printer ! - Hacking Printers at Pwn2Own by A...

CODE BLUE

While hackers have known the importance of sharing research to improve security for years, the importance of coordinated vulnerability disclosure is increasingly recognized by governments around the world. The principals of disclosure an protecting security researchers are common across borders, but different countries have some key differences. This panel will present a global perspective that may in turn inform key public policy and company behavior. ENISA has published 'Coordinated Vulnerability Disclosure policies in the EU' in April 2022 . This report not only provides an objective introduction to the current state of coordinated vulnerability disclosure policies in the Member States of the European Union, but also introduces the operation of vulnerability disclosure in China, Japan and the USA. Based on these findings, the desirable and good practice elements of a coordinated vulnerability disclosure process are examined, followed by a discussion of the challenges and issues. This session aims to share the contents of this report and clarify the challenges and future direction of operations in Japan, as well as national security and vulnerability handling issues in the US, in a panel discussion with representatives from various jurisdictions. The panelists are involved in the practice of early warning partnership notified bodies in Japan, the authors of the above report in Europe and the contributors to the above report in the US. In Japan, the issues of system awareness, incentives, increase in the number of outstanding cases in handling and so-called triage in handling vulnerabilities will be introduced. From the United States, the Vulnerabilities Equities Process for National Security and the publication of a non-prosecution policy for vulnerability research will be introduced, as well as a historical background on the issue. The aim is that the panel discussion will enable the audience to understand the international situation surrounding CVD, as well as future trends, in particular the important role of vulnerability in cybersecurity and the challenges faced by society around it.

[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...

CODE BLUE

ハッカーたちの間では、セキュリティ向上のために研究を共有することの重要性が何年も前から知られていた。一方、協調して脆弱性を開示することの重要性も、世界中の政府によってますます認識されるようになってきた。情報開示とセキュリティ研究者の保護という原則は国境を越えて共通であるものの、国によって重要な違いがある。本パネルでは、重要な公共政策や企業の行動に影響を与える可能性のあるグローバルな視点を提示する。 ENISAは、2022年4月に「EUにおける脆弱性開示政策の調整」を発表した。本報告書では、EU加盟国における脆弱性開示の協調政策の現状を客観的に紹介するだけでなく、中国、日本、米国における脆弱性開示の運用を紹介している。それらを踏まえて、協調的な脆弱性開示プロセスに望ましい要素やベストプラクティスの要素を検討し、その後、課題や問題点について議論する予定。本報告書の内容を共有し、日本における運用の課題と今後の方向性、米国における国家安全保障と脆弱性対応の課題を、各法域の代表者とのパネルディスカッションで明らかにすることを目的としています。パネリストは、日本では早期警戒パートナーシップ通知機関の実務に携わる方々、欧州では上記報告書の執筆者、米国では上記報告書の寄稿者日本では、脆弱性対応における体制意識、インセンティブ、未処理案件の増加、いわゆるトリアージなどの課題が紹介される予定米国からは、国家安全保障のための脆弱性情報の開示方針（Vulnerabilities Equities Process）、脆弱性研究の不起訴方針の公表などを紹介するとともに、この問題の歴史的背景を紹介する。パネルディスカッションを通じて、脆弱性開示政策を取り巻く国際情勢や今後の動向、特にサイバーセキュリティにおける脆弱性の重要な役割とそれを取り巻く社会が抱える課題について参加者に理解していただくことを目的とする。

[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション（4） by 板橋博之

CODE BLUE

[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...

CODE BLUE

[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション（3） by Lorenzo Pupillo

CODE BLUE

[cb22] ”The Present and Future of Coordinated Vulnerability Disclosure” Inte...

CODE BLUE

[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション（2）by Allan Friedman

CODE BLUE

[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...

CODE BLUE

[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション（1）by 高橋郁夫

CODE BLUE

Yuuma Taki is enrolled in the Hokkaido Information University Information Media Faculty of Information Media (4th year). At university he is focusing on learning about security for lower-level components, such OS and CPU. In his third year of undergraduate school, he worked on trying to implement the OS security mechanism "KASLR", at Sechack365. Currently, he is learning about ROP derivative technology and embedded equipment security.

[cb22] Are Embedded Devices Ready for ROP Attacks? -ROP verification for low-...

CODE BLUE

2021年10月、Lazarusグループに関連する可能性が高いユニークなローダーであるWSLinkの最初の分析を公開。ほとんどのサンプルは難読化され、高度な仮想マシン（VM）難読化機能で保護されている。サンプルには明確なアーティファクトが含まれておらず、当初は難読化を公的に知られているVMと関連付けなかったが、後にそれをCodevirtualizerに接続することに成功。このVMは、ジャンクコードの挿入、仮想オペランドの暗号化、仮想オペコードの重複、難読化手法仮想命令のマージ、ネストされたVMなど、いくつかの追加の難読化技術を導入する。本発表では、VMの内部を分析し、合理的な時間で難読化技術を「見抜く」ための半自動化されたアプローチについて説明する。また、難読化されたバイトコードと難読化されていないバイトコードを比較し、本手法の有効性を紹介する。われわれの手法は、仮想オペコードのセマンティクスを抽出する既知の難読化解除手法に基づいており、単純化規則によるシンボリック実行を使用。さらに、バイトコードチャンクとVMの内部構成を記号ではなく、具体的な値として扱い、既知の難読化手法で追加の難読化技術を自動的に処理できるようにする。

[cb22] Wslinkのマルチレイヤーな仮想環境について by Vladislav Hrčka

CODE BLUE

In October 2021, we published the first analysis of Wslink – a unique loader likely linked to the Lazarus group. Most samples are packed and protected with an advanced virtual machine (VM) obfuscator; the samples contain no clear artifacts and we initially did not associate the obfuscation with a publicly known VM, but we later managed to connect it to CodeVirtualizer. This VM introduces several additional obfuscation techniques such as insertion of junk code, encoding of virtual operands, duplication of virtual opcodes, opaque predicates, merging of virtual instructions, and a nested VM. Our presentation analyzes the internals of the VM and describes our semi automated approach to “see through” the obfuscation techniques in reasonable time. We demonstrate the approach on some bytecode from a protected sample and compare the results with a non-obfuscated sample, found subsequent to starting our analysis, confirming the method’s validity. Our solution is based on a known deobfuscation method that extracts the semantics of the virtual opcodes, using symbolic execution with simplifying rules. We further treat the bytecode chunks and some internal constructs of the VM as concrete values instead of as symbolic ones, enabling the known deobfuscation method to deal with the additional obfuscation techniques automatically.

[cb22] Under the hood of Wslink’s multilayered virtual machine en by Vladisla...

CODE BLUE

Kimsuky is a North Korean APT possibly controlled by North Korea's Reconnaissance General Bureau. Based on reports from the Korea Internet & Security Agency (KISA) and other vendors, TeamT5 identified that Kimsuky's most active group, CloudDragon, built a workflow functioning as a "Credential Factory," collecting and exploiting these massive credentials. The credential factory powers CloudDragon to start its espionage campaigns. CloudDragon's campaigns have aligned with DPRK's interests, targeting the organizations and key figures playing a role in the DPRK relationship. Our database suggested that CloudDragon has possibly infiltrated targets in South Korea, Japan, and the United States. Victims include think tanks, NGOs, media agencies, educational institutes, and many individuals. CloudDragon's "Credential Factory" can be divided into three small cycles, "Daily Cycle," "Campaign Cycle," and "Post-exploit Cycle." The"Daily Cycle" can collect massive credentials and use the stolen credentials to accelerate its APT life cycle. In the "Campaign Cycle," CloudDragon develops many new malware. While we responded to CloudDragon's incidents, we found that the actor still relied on BabyShark malware. CloudDragon once used BabyShark to deploy a new browser extension malware targeting victims' browsers. Moreover, CloudDragon is also developing a shellcode-based malware, Dust. In the "Post-exploit Cycle," the actor relied on hacking tools rather than malicious backdoors. We also identified that the actor used remote desktop software to prevent detection. In this presentation, we will go through some of the most significant operations conducted by CloudDragon, and more importantly, we will provide possible scenarios of future invasions for defense and detection.

[cb22] CloudDragon’s Credential Factory is Powering Up Its Espionage Activiti...

CODE BLUE

Social media is no doubt a critical battlefield for threat actors to launch InfoOps, especially in a critical moment such as wartime or the election season. We have seen Bot-Driven Information Operations (InfoOps, aka influence campaign) have attempted to spread disinformation, incite protests in the physical world, and doxxing against journalists. China's Bots-Driven InfoOps, despite operating on a massive scale, are often considered to have low impact and very little organic engagement. In this talk, we will share our observations on these persistent Bots-Driven InfoOps and dissect their harmful disinformation campaigns circulated in cyberspace. In the past, most bots-driven operations simply parroted narratives of the Chinese propaganda machine, mechanically disseminating the same propaganda and disinformation artifacts made by Chinese state media. However, recently, we saw the newly created bots turn to post artifacts in a livelier manner. They utilized various tactics, including reposting screenshots of forum posts and disguised as members of “Milk Tea Alliance,” to create a false appearance that such content is being echoed across cyberspace. We particularly focus on an ongoing China's bots-driven InfoOps targeting Taiwan, which we dub "Operation ChinaRoot." Starting in mid-2021, the bots have been disseminating manipulated information about Taiwan's local politics and Covid-19 measures. Our further investigation has also identified the linkage between Operation ChinaRoot and other Chinese state-linked networks such as DRAGONBRIDGE and Spamouflage.

[cb22] From Parroting to Echoing: The Evolution of China’s Bots-Driven Info...

CODE BLUE

Malwares written in Go is increasing every year. Go's cross-platform nature makes it an opportune language for attackers who wish to target multiple platforms. On the other hand, the statically linked libraries make it difficult to distinguish between user functions and libraries, making it difficult for analysts to analyze. This situation has increased the demand for Go malware classification and exploration. In this talk, we will demonstrate the feasibility of computing similarity and classification of Go malware using a newly proposed method called gimpfuzzy. We have implemented "gimpfuzzy", which incorporates Fuzzy Hashing into the existing gimphash method. In this talk, we will verify the discrimination rate of the classification using the proposed method and confirm the validity of the proposed method by discussing some examples from the classified results. We will also discuss issues in Go-malware classification.

[cb22] Who is the Mal-Gopher? - Implementation and Evaluation of “gimpfuzzy”...

CODE BLUE

Goで書かれたマルウェアは年々増加している。Goはクロスプラットフォームの性質を持っており、複数のプラットフォームを標的にしたい攻撃者にとって好都合な言語である。その一方で、ライブラリが静的にリンクされていることからユーザ関数とライブラリの区別が難しく、アナリストにとって解析が困難である。そうした状況で、Goマルウェアの分類や探索の需要が高まっている。本講演ではgimpfuzzyという新たな提案手法を用いてGoマルウェアに対し類似性の計算や分類が可能であることを検証する。われわれは既存手法であるgimphashにFuzzy Hashingを組み込んだ「gimpfuzzy」を新たに実装した。講演では提案手法を利用した分類の判別率を検証し、分類された結果の中からいくつかの事例を取り上げその妥当性について確認する。また、Goマルウェアの分類における課題についても検討を行う予定である。

[cb22] Mal-gopherとは？Go系マルウェアの分類のためのgimpfuzzy実装と評価 by 澤部祐太, 甘粕伸幸, 野村和也

CODE BLUE

Malware analysts normally obtain IP addresses of the malware's command & control (C2) servers by analyzing samples. This approach works in commoditized attacks or campaigns. However, with targeted attacks using APT malware, it's difficult to acquire a sufficient number of samples for organizations other than antivirus companies. As a result, malware C2 IOCs collected by a single organization are just the tip of the iceberg. For years, I have reversed the C2 protocols of high-profile APT malware families then discovered the active C2 servers on the Internet by emulating the protocols. In this presentation, I will explain how to emulate the protocols of two long-term pieces of malware used by PRC-linked cyber espionage threat actors: Winnti 4.0 and ShadowPad. Both pieces of malware support multiple C2 protocols like TCP/TLS/HTTP/HTTPS/UDP. It's also common to have different data formats and encoding algorithms per each protocol in one piece of malware. I'll cover the protocol details while referring to unique functions such as server-mode in Winnti 4.0 and multiple protocol listening at a single port in ShadowPad. Additionally, I'll share the findings regarding the Internet-wide C2 scanning and its limitations. After the presentation, I'll publish over 140 C2 IOCs with the date ranges in which they were discovered. These dates are more helpful than just IP address information since the C2s are typically found on hosted servers, meaning that the C2 could sometimes exist on a specific IP only for a very limited time. 65% of these IOCs have 0 detection on VirusTotal as of the time of this writing.

[cb22] Tracking the Entire Iceberg - Long-term APT Malware C2 Protocol Emulat...

CODE BLUE

We are swamped with new types of malware every day. The goal of malware analysis is not to reveal every single detail of the malware. It is more important to develop tools for efficiency or introduce automation to avoid repeating the same analysis process. Therefore, malware analysts usually actively develop tools and build analysis systems. On the other hand, it costs a lot for such tool developments and system maintenance. Incident trends change daily, and malware keeps evolving. However, it is not easy to keep up with new threats. Malware analysts spend a long time maintaining their analysis systems, and it results in reducing their time for necessary analysis of new types of malware. To solve these problems, we incorporate DevOps practices into malware analysis to reduce the cost of system maintenance by using CI/CD and Serverless. This presentation shares our experience on how CI/CD, Serverless, and other cloud technologies can be used to streamline malware analysis. Specifically, the following case studies are discussed. * Malware C2 Monitoring * Malware Hunting using Cloud * YARA CI/CD system * Malware Analysis System on Cloud * Memory Forensic on Cloud Through the above case studies, we will share the benefits and tips of using the cloud and show how to build a similar system using Infrastructure as Code (IaC). The audience will learn how to improve the efficiency of malware analysis and build a malware analysis system using Cloud infrastructure.

[cb22] Fight Against Malware Development Life Cycle by Shusei Tomonaga and Yu...

CODE BLUE

Mehr von CODE BLUE (20)

[cb22] Hayabusa Threat Hunting and Fast Forensics in Windows environments fo...

[cb22] Tales of 5G hacking by Karsten Nohl

[cb22] Your Printer is not your Printer ! - Hacking Printers at Pwn2Own by A...

[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...

[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション（4） by 板橋博之

[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...

[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション（3） by Lorenzo Pupillo

[cb22] ”The Present and Future of Coordinated Vulnerability Disclosure” Inte...

[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション（2）by Allan Friedman

[cb22] "The Present and Future of Coordinated Vulnerability Disclosure" Inter...

[cb22] 「協調された脆弱性開示の現在と未来」国際的なパネルディスカッション（1）by 高橋郁夫

[cb22] Are Embedded Devices Ready for ROP Attacks? -ROP verification for low-...

[cb22] Wslinkのマルチレイヤーな仮想環境について by Vladislav Hrčka

[cb22] Under the hood of Wslink’s multilayered virtual machine en by Vladisla...

[cb22] CloudDragon’s Credential Factory is Powering Up Its Espionage Activiti...

[cb22] From Parroting to Echoing: The Evolution of China’s Bots-Driven Info...

[cb22] Who is the Mal-Gopher? - Implementation and Evaluation of “gimpfuzzy”...

[cb22] Mal-gopherとは？Go系マルウェアの分類のためのgimpfuzzy実装と評価 by 澤部祐太, 甘粕伸幸, 野村和也

[cb22] Tracking the Entire Iceberg - Long-term APT Malware C2 Protocol Emulat...

[cb22] Fight Against Malware Development Life Cycle by Shusei Tomonaga and Yu...

Kürzlich hochgeladen

Zone Chairperson Role and Responsibilities New updated.pptx

lionnarsimharajumjf

Digital collaboration with Microsoft 365 as extension of Drupal

Fabian de Rijk

Proofreading: Basics to Artificial Intelligence Integration. Become a Professional Proofreader and Editor Leveraging Human Expertise and Artificial Intelligence (AI) Technology and Tools. Table of Contents MODULE 1: INTRODUCTION TO PROOFREADING What is proofreading, and how is it different from editing? The importance of proofreading in publishing and communication Types of materials that require proofreading (books, articles, websites, legal documents, etc.) Proofreading marks and symbols MODULE 2: DEVELOPING PROOFREADING SKILLS MODULE 3: PROOFREADING TECHNIQUES Preparing for the proofreading process (setting up the workspace, tools, etc.) Reading techniques (line-by-line, word-by-word, backwards reading) Using proofreading checklists and guidelines Cross-checking against style guides and reference materials Marking up corrections and queries MODULE 4: PROOFREADING DIFFERENT TYPES OF CONTENT Proofreading fiction and non-fiction books Fiction Books: Non-Fiction Books: Proofreading academic and scientific papers Proofreading legal and business documents Proofreading websites and digital content Proofreading marketing and advertising materials MODULE 5: PROOFREADING TOOLS AND RESOURCES MODULE 6: PROOFREADING WORKFLOWS AND BEST PRACTICES MODULE 7: BUILDING A SUCCESSFUL PROOFREADING CAREER MODULE 8: AI TEXT EDITING AND PROOFREADING Benefits and limitations of AI in this field Benefits of AI in Proofreading: Limitations of AI in Proofreading: Examples of AI-powered text editing and proofreading tools Combining AI with Human Expertise AI Ethics and Bias in Text Editing Future Trends and Developments in AI Text Editing This cutting-edge course equips you with the essential skills and tools to become a proofreading pro in the age of AI technology. Designed for writers, editors, content creators, and anyone seeking to elevate their proofreading game, this masterclass combines time-tested proofreading techniques with the latest AI-powered text editing solutions. Through in-depth modules, you will master the art of proofreading, from developing razor-sharp attention to detail to mastering grammar, punctuation, and style guidelines. This masterclass also dives deep into the world of AI text editing. You’ll discover how AI-powered tools can aid in grammar and style checking, context-aware spell checking, consistency management, content optimization, and more. You will learn to seamlessly integrate AI tools into your proofreading workflows, combining the best of human expertise and AI technology for unparalleled results. Finally, this course will help you discover how to harness the power of AI to streamline your proofreading workflows, enhance accuracy, and deliver impeccable content every time, thanks to advanced proofreading techniques, such as line-by-line reading, backward reading, and cross-checking against reference materials, ensuring no error goes unnoticed.

Proofreading- Basics to Artificial Intelligence Integration - Presentation:Sl...

David Celestin

Bring back lost lover in USA, Canada ,Uk ,Australia ,London Lost Love Spell C...

amilabibi1

I had the honour of presenting my reflections on the autobiography of Professor Isaac Folorunso Adewole, titled "Uncommon Grace." As someone deeply invested in documentation and history, I found Professor Adewole's decision to narrate his journey from humble beginnings to occupying one of the highest offices in the land both inspiring and invaluable. In this eloquently written memoir, Professor Adewole provides a comprehensive account of his life, from his ancestral roots to his time as Minister of Health in Nigeria. The unique aspect of this autobiography is that he portrayed himself authentically without taking the help of third-party narratives, which is often seen in accounts of high-ranking officials. His upbringing was greatly influenced by his father's commitment to education. He became a prominent figure in advocating for the rights of the underprivileged through trade unionism. His story is one of unwavering determination, resilience, and faith. His experiences, including both successes and struggles, provide priceless lessons on leadership, perseverance, and the alignment of personal values with public service. While reading "Uncommon Grace," I was struck by the deep leadership lessons that are embedded within its chapters. Professor Adewole stresses the importance of inclusivity, servant leadership, and planning, which are all highly relevant in today's complex world. His commitment to accountability, as well as his primary responsibility as a researcher, serves as a guiding light for aspiring leaders across various disciplines. During his tenure as the Vice Chancellor of the University of Ibadan, he led with visionary leadership and transformative impact. His accomplishments have been meticulously documented in the book, which can serve as a blueprint for rejuvenating institutions and promoting academic excellence. In the latter part of his autobiography, Professor Adewole shares his experiences as a Minister, detailing the challenges he faced while serving the public with integrity and courage. His reflections on the complexities of public service, coupled with his commitment to the well-being of the nation, offer practical insights for policymakers and citizens alike. I have carefully read "Uncommon Grace" and it is more than just a memoir. It is a timeless book that is hard to put down once you start reading. While intellectuals may continue to debate whether uncommon grace was made possible by uncommon preparation or the other way around, I applaud Professor Adewole for sharing his ideas, knowledge, and experience with the public. I highly recommend this book to everyone.

Uncommon Grace The Autobiography of Isaac Folorunso

Kayode Fayemi

Klinik_ Apotek Onlin 085657271886 Solusi Menggugurkan Masalah Kehamilan Anda Jual Obat Aborsi Di Jakarta. KLINIK ABORSI TERPEECAYA _ Jual Obat Aborsi Cytotec Misoprostol Asli 100% Ampuh Hanya 3 Jam Langsung Gugur || OBAT PENGGUGUR KANDUNGAN AMPUH MANJUR OBAT ABORSI OLINE" APOTIK Jual Obat Cytotec, Gastrul, Gynecoside Asli Ampuh. JUAL ” Obat Aborsi Tuntas | Obat Aborsi Manjur | Obat Aborsi Ampuh | Obat Penggugur Janin | Obat Pencegah Kehamilan | Obat Pelancar Haid | Obat terlambat Bulan | Ciri Obat Aborsi Asli | Obat Telat Bulan | Pil Aborsi Asli | Cara Menggugurkan Konten | Cara Aborsi Tuntas | Harga Obat Aborsi Asli | Pil Aborsi | Jual Obat Aborsi Cytotec | Cara Aborsi Sendiri | Cara Aborsi Usia 1 Bulan | Cara Aborsi Usia 2 Tahun | Cara Aborsi Usia 3 Bulan | Obat Aborsi Usia 4 Bulan | Cara Abrasi Usia 5 Bulan | Cara Menggugurkan Konten | Kandungan Obat Penggugur | Cara Menghitung Usia Konten | Cara Mengatasi Terlambat Bulan | Penjual Obat Aborsi Asli | Obat Aborsi Garansi | Kandungan Obat Peluntur | Obat Telat Datang Bulan | Obat Telat Haid | Obat Aborsi Paling Murah | Klinik Jual Obat Aborsi | Jual Pil Cytotec | Apotik Jual Obat Aborsi | Kandungan Dokter Abrasi | Cara Aborsi Cepat | Jual Obat Aborsi Bergaransi | Jual Obat Cytotec Asli | Obat Aborsi Aman Manjur | Obat Misoprostol Cytotec Asli. "APA ITU ABORSI" “Aborsi Adalah dengan membendung hormon yang di perlukan untuk mempertahankan kehamilan yaitu hormon progesteron, karena hormon ini dibendung, maka jalur kehamilan mulai membuka dan leher rahim menjadi melunak,sehingga mengeluarkan darah yang merupakan tanda bahwa obat telah bekerja || maksimal 1 jam obat diminum || PENJELASAN OBAT ABORSI USIA 1 _7 BULAN Pada usia kandungan ini, pasien akan merasakan sakit yang sedikit tidak berlebihan || sekitar 1 jam ||. namun hanya akan terjadi pada saatdarah keluar merupakan pertanda menstruasi. Hal ini dikarenakan pada usiakandungan 3 bulan,janin sudah terbentuk sebesar kepalan tangan orang dewasa. Cara kerja obat aborsi : JUAL OBAT ABORSI AMPUH dosis 3 bulan secara umum sama dengan cara kerja || DOSIS OBAT ABORSI 2 bulan”, hanya berbedanya selain mengisolasijanin juga menghancurkan janin dengan formula methotrexate dikandungdidalamnya. Formula methotrexate ini sangat ampuh untuk menghancurkan janinmenjadi serpihan-serpihan kecil akan sangat berguna pada saat dikeluarkan nanti. APA ALASAN WANITA MELAKUKAN ABORSI? Aborsi di lakukan wanita hamil baik yang sudah menikah maupun belum menikah dengan berbagai alasan , akan tetapi alasan yang utama adalah alasan-alasan non medis (termasuk aborsi sendiri / di sengaja/ buatan] MELAYANI PEMESANAN OBAT ABORSI SETIAP HARI, SIAP KIRIM KESELURUH KOTA BESAR DI INDONESIA DAN LUAR NEGERI. HUBUNGI PEMESANAN LEBIH NYAMAN VIA WA/: 085657271886

Jual obat aborsi Jakarta 085657271886 Cytote pil telat bulan penggugur kandun...

ZurliaSoop

lONG QUESTION ANSWER PAKISTAN STUDIES10.

lodhisaajjda

My Presentation "In Your Hands" by Halle Bailey

hlharris

in kuwait௹+918133066128....) @abortion pills for sale in Kuwait City

Abortion pills in Kuwait Cytotec pills in Kuwait

• For a full set of 390+ questions. Go to https://skillcertpro.com/product/aws-data-engineer-associate-dea-c01-exam-questions/ • SkillCertPro offers detailed explanations to each question which helps to understand the concepts better. • It is recommended to score above 85% in SkillCertPro exams before attempting a real exam. • SkillCertPro updates exam questions every 2 weeks. • You will get life time access and life time free updates • SkillCertPro assures 100% pass guarantee in first attempt.

AWS Data Engineer Associate (DEA-C01) Exam Dumps 2024.pdf

SkillCertProExams

Report Writing Webinar Training

KylaCullinane

Dreaming Music Video Treatment _ Project & Portfolio III

NhPhngng3

Despite remarkable successes in various domains such as robotics and games, Reinforcement Learning (RL) still struggles with exploration inefficiency. For example, in hard Atari games, state-of-the-art agents often require billions of trial actions, equivalent to years of practice, while a moderately skilled human player can achieve the same score in just a few hours of play. This contrast emerges from the difference in exploration strategies between humans, leveraging memory, intuition and experience, and current RL agents, primarily relying on random trials and errors. This tutorial reviews recent advances in enhancing RL exploration efficiency through intrinsic motivation or curiosity, allowing agents to navigate environments without external rewards. Unlike previous surveys, we analyze intrinsic motivation through a memory-centric perspective, drawing parallels between human and agent curiosity, and providing a memory-driven taxonomy of intrinsic motivation approaches. The talk consists of three main parts. Part A provides a brief introduction to RL basics, delves into the historical context of the explore-exploit dilemma, and raises the challenge of exploration inefficiency. In Part B, we present a taxonomy of self-motivated agents leveraging deliberate, RAM-like, and replay memory models to compute surprise, novelty, and goal, respectively. Part C explores advanced topics, presenting recent methods using language models and causality for exploration. Whenever possible, case studies and hands-on coding demonstrations. will be presented.

Unlocking Exploration: Self-Motivated Agents Thrive on Memory-Driven Curiosity

Hung Le

Introduction to Artificial intelligence.

thamaeteboho94

Dreaming Marissa Sánchez Music Video Treatment

nswingard

ICT role in 21st century education and it's challenges.pdf

Islamia university of Rahim Yar khan campus

SOLID WASTE MANAGEMENT SYSTEM OF FENI PAURASHAVA, BANGLADESH.pdf

Mahamudul Hasan

Kürzlich hochgeladen (17)

Zone Chairperson Role and Responsibilities New updated.pptx

Digital collaboration with Microsoft 365 as extension of Drupal

Proofreading- Basics to Artificial Intelligence Integration - Presentation:Sl...

Bring back lost lover in USA, Canada ,Uk ,Australia ,London Lost Love Spell C...

Uncommon Grace The Autobiography of Isaac Folorunso

Jual obat aborsi Jakarta 085657271886 Cytote pil telat bulan penggugur kandun...

lONG QUESTION ANSWER PAKISTAN STUDIES10.

My Presentation "In Your Hands" by Halle Bailey

in kuwait௹+918133066128....) @abortion pills for sale in Kuwait City

AWS Data Engineer Associate (DEA-C01) Exam Dumps 2024.pdf

Report Writing Webinar Training

Dreaming Music Video Treatment _ Project & Portfolio III

Unlocking Exploration: Self-Motivated Agents Thrive on Memory-Driven Curiosity

Introduction to Artificial intelligence.

Dreaming Marissa Sánchez Music Video Treatment

ICT role in 21st century education and it's challenges.pdf

SOLID WASTE MANAGEMENT SYSTEM OF FENI PAURASHAVA, BANGLADESH.pdf

[CB20] Life After Privacy Shield – Will Data Transfer Laws Stop the World Doing Business? by Jonathan Armstrong

1. @CorderyUK Life After Privacy Shield – Will Data Transfer Laws Stop the World Doing Business? Jonathan Armstrong 29 October 2020

3. @CorderyUK© Cordery 2020 History • 2011 - Santa Clara lecture • SAR to Facebook • 2013 - Schrems makes complaint to DPC about Facebook • July 2014 - Irish High Court refers Schrems I to ECJ • October 2015 - Safe Harbor struck down • November 2015 - Schrems II case appealed to Austrian Supreme Court • December 2015 - Schrems complains to DPC about SCCs • July 2016 - Privacy Shield adopted • July 2020 Privacy Shield struck down by ECJ (Switzerland & Israel followed) 2

5. @CorderyUK© Cordery 2020 Will Trump build bridges? 1. Unlikely? 2. Election year 3. Increased focus on security 4. Xenophobia (and Sinophobia) 5. Obama’s more compromising administration could not provide a fix 4

6. @CorderyUK© Cordery 2020 Will this be resolved? 1. SCCs 2. Issue avoidance 3. Self-help by corporations 4. Reassuring words from European Commission BUT: 1. Litigation (e.g. potential Amazon class action) 2. Regulators will act 3. Schrems IV! 5

8. @CorderyUK© Cordery 2020 What does this mean for Russia and China? 1. Possibly greater scrutiny 2. However less commercial impetus 3. Increased issues for China native offerings e.g. TikTok 7

11. @CorderyUK© Cordery 2020 What does this mean for Japan? 1. Greater focus on ‘adequacy’ (see e.g. 2/10/2020 announcement re higher fines) 2. Annual reviews by EU? (and UK?) 3. Possibility of greater scrutiny of activities of Japanese security services (e.g. enquiry sheet system; Snowden allegations e.g. XKEYSCORE & MALLARD) 4. Greater scrutiny of laws protecting data of non-Japanese nationals from state surveillance (e.g. new PPC English language helpline) 5. More prospect of pressure group activities 6. Class actions? 7. Greater role for InfoSec & Legal in decision making? 10

14. @CorderyUK© Cordery 2020 How can organisations in Japan minimise risk? 1. Set out clear rules 2. Place strong emphasis on security 3. Look at Standard Contractual Clauses/Model Clauses (SCCs) 4. Be prepared to explain limits on Japanese law 5. Look at other measures e.g. ombudsmen, notice of requests for data 6. Look at future change – one man can change your world 13

15. @CorderyUK© Cordery 2020 Resources GDPR FAQs – www.bit.ly/gdprfaqs GDPR Glossary – www.bit.ly/gdprwords Privacy Shield (Schrems III Case) - https://bit.ly/pshielddead Swiss Privacy Shield collapses - https://bit.ly/swisspshield GDPR 2 Years On (Film) https://www.corderycompliance.com/gdpr-first-2- year-part-1/ SCCE Article on GDPR 2 Years On - https://www.corderycompliance.com/2- years-gdpr-security-breach-lessons/ GDPR, data transfer and investigations - https://bit.ly/gdprinvest Facebook case - https://www.corderycompliance.com/ireland-dpc-halts-fb- dating-service/ Film on brands in a crisis – www.bit.ly/levickfilm Amazon litigation over Privacy Shield - https://bit.ly/berlindp 14

16. @CorderyUK@ Cordery 2020 Questions Jonathan Armstrong Partner Cordery T +44 (0)20 7075 1784 E jonathan.armstrong@corderycompliance.com @armstrongjp

[CB20] Life After Privacy Shield – Will Data Transfer Laws Stop the World Doing Business? by Jonathan Armstrong

Empfohlen

Empfohlen

Weitere ähnliche Inhalte

Was ist angesagt?

Was ist angesagt? (20)

Ähnlich wie [CB20] Life After Privacy Shield – Will Data Transfer Laws Stop the World Doing Business? by Jonathan Armstrong

Ähnlich wie [CB20] Life After Privacy Shield – Will Data Transfer Laws Stop the World Doing Business? by Jonathan Armstrong (20)

Mehr von CODE BLUE

Mehr von CODE BLUE (20)

Kürzlich hochgeladen

Kürzlich hochgeladen (17)

[CB20] Life After Privacy Shield – Will Data Transfer Laws Stop the World Doing Business? by Jonathan Armstrong