There We Go Again: EU-US Privacy Shield Rejected
For this quite important news item, we need to start with a little bit of history.
1980: OECD issues recommendations (8 principles) for protection of personal data.
1995: the European Union (EU) enacts the Data Protection Directive.
2000: the "Safe Harbor Provision" is adopted, whereby a US company can self-certify its compliance with European rules in order to be allowed to store data belonging to EU subjects.
June 2015: the European Commission issues a draft of new data protection rules.
Oct. 2015: the EU Court of Justice (EUCJ) invalidates Safe Harbor because US legislation does not sufficiently protect privacy.
July 2016: the EU-US Privacy Shield is put in place to replace Safe Harbor with a framework containing stronger compliance mechanisms, although it is immediately criticized as insufficient.
2017: criticism increases after the new U.S. administration declares that its privacy protections do not extend to non-U.S. citizens.
May 2018: the 2015 draft has become the General Data Protection Regulation (GDPR), which comes into full force, replacing the 1995 directive.
Now, this dance between the EU's legislative and judicial bodies has just taken a new turn: on 16 July 2020, the EUCJ declared the EU-US Privacy Shield invalid, citing essentially the same reasons as in its 2015 ruling against Safe Harbor.
So, now what? Standard Contractual Clauses (SCCs) that may exist between providers and customers are still valid (although they need to be reviewed), but the blanket authorization used by 5,378 U.S. companies to self-certify was struck down, and the affected data transfers had to cease immediately. Steps can be taken to be able to restart those transfers, but they take some time to implement and success is not guaranteed. For a set of precise recommendations, see Françoise Gilbert's analysis.
(Sources: Wikipedia, Cloud Security Alliance, F. Gilbert)
The Growth of Cybercrime
On July 2nd, the U.S. Commercial Service sponsored a webinar about commercial ICT (information and communication technology) opportunities in Latin America. One of the speakers was Ivan Goicochea, a telecommunications expert and consultant based in Peru, who presented some sobering worldwide statistics about cybersecurity:
- The global cost of cybercrime exceeded $2 trillion in 2019, and will reach $6 trillion in 2021, according to Juniper Research and Cybersecurity Ventures.
- Cybercrime is more profitable than drug trafficking, according to Cisco.
- Over 70% of cryptocurrencies (e.g., bitcoin) are used for cybercrime.
- There are 63 cybercrime organizations on the FBI most-wanted list.
- Only 10 to 12% of cybercrimes are reported to authorities.
The silver lining, of course, is that if you are a cybersecurity expert you should not be running out of work opportunities anytime soon. But you need to keep updating your skills, because the cybercriminals are constantly developing new techniques.
Bad Title, Useful Book
Building a Data Integration Team: Skills, Requirements, and Solutions for Designing Integrations, by Jarrett Goldfedder, is a smallish, well-written, useful book in spite of bearing an inaccurate title. This is not primarily about building a team, and neither is it about "data integration" in the sense most of us would give to this term! It is really about the processes and tools required to perform data migration, especially ETL (extraction, transformation, and loading). If you're an ETL expert, it is probably not for you, but if you're stumbling into issues with legacy databases and data mapping, as many of us have, then it is a good manual.
For ACM members, the book is available online at Skillsoft, for free, at the above link. Otherwise, it costs about $20 on Amazon in either paperback or Kindle versions.
Industrial IoT Rendezvous in September
The Q3 meeting of the Industrial Internet Consortium will again be held virtually (surprise!) from Sep. 28 to Oct. 2, and is free to IIC member organization employees. As usual, the program will cover testbeds, communication, security, trustworthiness, architectural issues, applications of IoT to various vertical domains, and opportunities to network with other participants. If you are interested, then:
- Check whether your organization is one of the 160 members.
- View the program and register here.
"This tip is guaranteed to get you a Distinguished Paper award: Motivate your Introduction by telling the reader how little is known about your topic. Then allocate at least two columns in Related Work to show how extensively your topic has already been studied."
-- Titus Barik, researcher at Microsoft, referring specifically
to the International Conference on Software Engineering (ICSE)
(motto: "My research alignment is chaotic evil. Opinions are my own.")
"This is the first time data has been such a central part of the narrative. The human connection -- I think we need more of that in the larger national narrative. It just feels like the compassion is getting lost."
-- Beth Blauer, Executive Director of Johns Hopkins University's
(which you can peek at over the paywall) where she discusses
human dimension of the pandemic, especially the impact of social
inequities in the U.S. Along the way, the WaPo article also describes
the challenges of data quality and consistency in such a fluid situation.