Cross-Border Transfers

The Commerce Department’s Bureau of Industry and Security (“BIS”) recently published an advanced notice of proposed rulemaking asking for public comment on criteria to identify “emerging technologies that are essential to U.S. national security,” for example because they have potential intelligence collection applications or could provide the United States with a qualitative intelligence advantage.

BIS is the federal agency that primarily oversees commercial exports. Over the summer, Congress passed the Export Control Reform Act of 2018 and authorized BIS to establish appropriate controls on the export of emerging and foundational technologies. Although by no means exclusive or final, BIS has proposed an initial list of areas that may become “emerging technologies,” including artificial intelligence/machine learning technology, brain-computer interfaces, and advanced surveillance technology, such as faceprint and voiceprint technologies. If BIS ultimately determines a technology will be subject to export controls, it will likely receive a newly-created Export Control Classification Number on BIS’s Commerce Control List and would require a license before export to any country subject to a U.S. embargo, including arms embargos (e.g., China). Continue Reading Is Your Technology an “Emerging Technology?”

Two developments last month concerning the EU-US Privacy Shield–which is the mechanism designed by the US Department of Commerce and the European Commission to allow US companies to transfer personal data from the EU to the US–highlight the ongoing tension between the EU and US approaches to privacy, particularly post-GDPR. First, the US Federal Trade Commission announced an agreement with a California company, settling allegations that the company falsely claimed in its website privacy policy to be in the process of self-certification with the Privacy Shield, when it fact it had begun the application process but failed to complete all the steps. The FTC Chairman stated that the settlement “demonstrates the FTC’s continuing commitment to vigorous enforcement of the Privacy Shield.” A few days later, the European Parliament passed a non-binding resolution to suspend the EU-US Privacy Shield unless the US becomes fully compliant by September 1, 2018. Considering that the Privacy Shield does not provide adequate protection, the European Parliament cited among its reasons the fact that non-US citizens have been excluded by the protections of the Privacy Act by executive order, the fact that the US has failed to appoint any independent supervisory authority, and the fact that there is insufficient monitoring and enforcement. Continue Reading Privacy Shield Developments at Home and Abroad