Search the Community

Netflix no longer offers free trials in the US The company has been phasing them out Illustration by Alex Castro / The Verge Netflix has removed the option for potential subscribers in the United States to test the service with a free trial, the company confirmed to The Verge. The company started phasing out the option for US-based subscribers this month, but has spent the last couple of years phasing out the option in a number of countries around the world. To replace the free trial, Netflix is introducing new ways to try and attract potential subscribers, including posting some educational content on YouTube for free and other forms of content sampling. “We’re looking at different marketing promotions in the US to attract new members,” a Netflix spokesperson told The Verge. With the free trial offer gone, Netflix is going to test even more forms of content sampling promotions for people within the United States. Recently, Netflix launched a portal to watch a number of episodes from its top series for free. Netflix also made one of its films, To All the Boys I’ve Loved Before, available to watch without a Netflix subscription. Netflix’s decision to cancel its free trial comes at a time when other streaming services are leaning heavily on trials to build their initial subscriber bases. Apple just extended the initial free period for Apple TV Plus subscribers by three months to February 2021, while services like Quibi and Disney Plus launched while touting free trials. For Netflix, the company is exploring other ways to try and build out that subscriber base. Those experiments will continue into 2021. Netflix no longer offers free trials in the US

WASHINGTON (Reuters) - Alphabet Inc’s Google and the U.S. Justice Department have failed to reach agreement over a protective order for third parties like Microsoft that provided data to the government for its lawsuit against the search and advertising giant. Google is pressing for two in-house attorneys to have access to the confidential data while the Justice Department and state attorneys general involved in the lawsuit have disagreed, Google said in a court filing on Friday. Google stated it needed the information to prepare an effective defense. It offered to ensure that any confidential information would be made available solely to two in-house attorneys at the offices of Google’s outside counsel or in another secure manner, adding that it would promptly report any disclosure. The government said in a separate filing that allowing Google’s staff attorneys to review “strategic plans related to rival voice assistants, and other commercially sensitive information” was dangerous because they could misuse the information to squash potential competition. The government also said that highly confidential files in the last big technology antitrust case, which involved Microsoft Corp about 20 years ago, were only available to the company’s outside counsel. The companies whose documents are in dispute in the Google case also include Oracle Corp, AT&T Inc, Amazon.com, Comcast Corp and others. They have until next Friday to make their proposals for the terms of a protective order. Judge Amit Mehta of the U.S. District Court for the District of Columbia is hearing the Justice Department’s case against Google. The government sued Google in October, accusing the $1 trillion company of illegally using its market muscle to hobble rivals in the biggest challenge to the power and influence of Big Tech in decades. Source

The school district has been relying on virtual classes to teach students during the pandemic. But it decided to cancel classes today, citing a ransomware attack, which has shut down the district's IT systems. No school due to a ransomware attack? On Wednesday, a Maryland school district said it was canceling all classes precisely because of that. A ransomware strain has taken out the IT systems at Baltimore County Public Schools, which serves more than 11,500 students. “Due to issues with our network, all Baltimore County Public Schools and offices will be closed today,” the district said over Twitter. The school system has been relying on remote learning to teach students at home during the pandemic. However, the ransomware attack has shut down the district’s website, in addition to the email and grading system, according to The Baltimore Sun. “Everything was impacted,” the district’s chief of staff Mychael Dickerson told the newspaper. “It’s extensive enough that we made this decision. We knew it wouldn’t be a quick fix.” Ransomware attacks usually work by seeking out computers across the victim’s network and then encrypting all the information inside. So as a precaution, the local teacher’s association has been telling its educators to turn off all their computers. The goal of the attack is to then force the victim to pay up, usually in Bitcoin. And in some cases, the ransom demand can reach well into the six figures. However, it’s unclear whether Baltimore County Public Schools has received a ransom note yet, or if it’ll pay up. The Baltimore County Government also commented on the attack, saying it hasn't been affected. "We do not have any reason to believe that Baltimore County Government systems have been compromised, but the County’s Information Technology team is closely inspecting our network and all devices out of an abundance of caution, and has put in place additional security measures," the government said in a statement. In the meantime, the school district’s technology team is working to restore the affected systems. Baltimore County Public Schools says it’s the 25th largest school district in the country. Source

US may subsidize Huawei alternatives with proposed $1.25 billion fund Democrats and Republicans pitch $1.25 billion fund to boost non-Huawei 5G tech. Enlarge / Huawei sign displayed at CES 2020 in Las Vegas on Wednesday, Jan. 8, 2020. Getty Images | Bloomberg The US government should spend at least $1.25 billion "to invest in Western-based alternatives to Chinese equipment providers Huawei and ZTE," a bipartisan group of six US senators said yesterday. The senators submitted legislation called the Utilizing Strategic Allied (USA) Telecommunications Act to make that happen, arguing that the US must counter the Chinese government's investments in the telecom sector. The money would come from spectrum-auction proceeds, and the $1.25 billion in grants would be spread out over 10 years. The money would support development of new 5G technology, with a focus on equipment that complies with open standards to ensure "multi-vendor network equipment interoperability." The senators' announcement said: Heavily subsidized by the Chinese government, Huawei is poised to become the leading commercial provider of 5G, with far-reaching effects for US economic and national security. With close ties to the Communist Party of China, Chinese state-directed technology companies present unacceptable risks to our national security and to the integrity of information networks globally. However, US efforts to convince foreign partners to ban Huawei from their networks have stalled amid concerns about a lack of viable, affordable alternatives. The senators who sponsored the legislation are Mark R. Warner (D-Va.); Richard Burr (R-N.C.); Bob Menendez (D-N.J.); Marco Rubio (R-Fla.); Michael Bennet (D-Colo.); and John Cornyn (R-Texas). Burr and Warner are the chair and vice chair of the Senate Select Committee on Intelligence, while Cornyn, Rubio, and Bennet are members of that committee. Menendez is ranking member of the Senate Foreign Relations Committee, and Rubio is also a member of the Foreign Relations Committee. "Every month that the US does nothing, Huawei stands poised to become the cheapest, fastest, most ubiquitous global provider of 5G, while US and Western companies and workers lose out on market share and jobs," Warner said. Burr said it would be "disastrous if Huawei, a company that operates at the behest of the Chinese government, military, and intelligence services, is allowed to take over the 5G market unchecked." Two funds The senators' bill would create a Public Wireless Supply Chain Innovation Fund of at least $750 million and a Multilateral Telecommunications Security Fund of at least $500 million. The $750 million fund would be administered by the National Telecommunications and Information Administration (NTIA), but the Federal Communications Commission and other agencies would help establish criteria for awarding grants. Those grants would pay for research into software, hardware, and microprocessor technology "that will enhance competitiveness" in 5G "and successor wireless technology supply chains." This fund would also support "development and deployment of open interface standards-based compatible, interoperable equipment," including equipment that meets the Open Radio Access Network standard (O-RAN). Individual grants could be as high as $20 million each. The senators said they want to support O-RAN to "allow for alternative vendors to enter the market for specific network components, rather than having to compete with Huawei end-to-end." The $500 million multilateral fund would be administered by the Secretary of State and focus on projects involving the United States and other countries. The Secretary of State would have to strike "agreement(s) with foreign government partners" to fund projects that "support the development and adoption of secure and trusted telecommunications technologies." Under this plan, the US would try to get funding commitments from countries involved in the proposed joint projects. “Race” to 5G? The senators said these funds will help the US win "the race for 5G." The Federal Communications Commission's Republican majority has repeatedly cited the "race to 5G" as justification for eliminating federal rules and preempting municipal regulations that cover deployment of wireless equipment in US cities and towns. Whether there is actually a "race" between the US and China when it comes to deploying 5G to each country's residents is debatable. The US switching from 4G to 5G slightly later than China wouldn't prevent the US from getting the benefits of 5G, such as they are: carriers admit that 5G networks based on millimeter-wave frequencies won't come close to covering the whole US and that 5G on lower-frequency bands will only be slightly faster than 4G. Moreover, the US faces more pressing problems because many rural areas don't even have consistent 4G access, and most US homes lack fiber broadband. Fiber, in addition to providing high-speed home Internet, is crucial for supplying bandwidth to 5G networks. But ISPs don't want to spend the money to deploy nationwide fiber, and the FCC's planned $20 billion rural-broadband fund will pay ISPs to deploy either fiber or services that are much slower and come with restrictive data caps. But for both mobile and home broadband networks, expanding alternatives to Huawei and ZTE network gear is important for meeting the US government's goal of phasing out Chinese telecom equipment. That's particularly true for small, rural ISPs that have relied on the Chinese companies' offerings. The FCC in November voted unanimously to ban Huawei and ZTE equipment in projects paid for by the FCC's Universal Service Fund (USF), saying the equipment could have backdoors installed at the behest of the Chinese government. This ban affects only future projects and the use of federal funding to maintain existing equipment, but the FCC may also eventually require removal of Huawei and ZTE gear from networks that have already been built. Huawei has sued the FCC in an attempt to overturn the ban, saying the commission "fail[ed] to substantiate its arbitrary findings with evidence or sound reasoning or analysis." How carriers, particularly small carriers, will pay for a move away from Chinese equipment is an open question. The FCC is seeking public comment on how to pay for removing and replacing the equipment. The new bill for 5G research doesn't allocate funding directly toward replacing Chinese equipment in current networks, but senators said the bill "create(s) a transition plan for the purchase of new equipment by carriers that will be forward-compatible with forthcoming O-RAN equipment so small and rural carriers are not left behind." If the bill passes, recipients of FCC grants for replacing Chinese equipment with new 5G technology would have to submit plans outlining how they will switch to standards-based equipment. Source: US may subsidize Huawei alternatives with proposed $1.25 billion fund (Ars Technica)

More scrutiny for the Chinese company The United States has opened a national security review into TikTok’s parent company over its acquisition of social media app Musical.ly, Reuters reports. In 2017, China-based TikTok owner Beijing ByteDance Technology bought up the popular American lip-syncing app — and its user base — for $1 billion. Last year, the app was fully rebranded as part of TikTok. But in the time since the deal closed, TikTok has faced substantial pressure from US lawmakers who have questioned how the company moderates its political content and stores its user data. In a letter last month, Sen. Marco Rubio (R-FL) called for an investigation into the company, writing that “Chinese-owned apps are increasingly being used to censor content and silence open discussion on topics deemed sensitive by the Chinese Government and Community Party.” The letter followed reports that TikTok was censoring political content that was offensive to the Chinese government. (The company has said its moderation decisions are based in the US and “are not influenced by any foreign government.”) Rubio’s note was followed by one from Sens. Tom Cotton (R-AR) and Chuck Schumer (D-NY) also calling for a review. According to Reuters, the US has now launched such a review through the Committee on Foreign Investment in the United States, or CFIUS, which is responsible for reviewing deals with national security implications. The news service reports that TikTok did not go through a CFIUS review when it made the Musical.ly acquisition, and are in talks about national security concerns now. The investigation is the latest hurdle for the company, which has dealt with intense scrutiny as the tech industry as a whole faces renewed questions about Chinese censorship online. Last month, in one notable example, Apple was criticized for pulling an app used by pro-democracy protestors in Hong Kong. “While we cannot comment on ongoing regulatory processes, TikTok has made clear that we have no higher priority than earning the trust of users and regulators in the US,” a company spokesperson told The Verge in a statement. “Part of that effort includes working with Congress and we are committed to doing so.” Source: US launches national security review of TikTok, Reuters reports (via The Verge)

America is finally testing for coronavirus in significant volumes Testing in the US has soared to 100,000 tests, but shortages remain an issue. Enlarge / Patients wait in their cars for drive-through COVID-19 testing at Advocate Lutheran General Hospital in Park Ridge, IL on Thursday. The hospital suspended drive-through testing on Friday due to a shortage of test kits. Eric Bangeman / Ars Technica 260 with 118 posters participating, including story author America is finally starting to test for the coronavirus in significant volumes. On Thursday, the total number of coronavirus tests conducted in America topped 100,000, according to the COVID tracking project. That's a 10-fold increase from a week earlier. In the coming days, we can expect the pace of testing to continue increasing as more and more organizations—both academic labs and for-profit companies—ramp up testing efforts. This is important because America has a lot of catching up to do. A series of early missteps at the federal level hampered America's testing efforts in the early weeks of the coronavirus crisis. It wasn't until the end of February that the Food and Drug Administration opened the door for a wide range of organizations to offer coronavirus tests. In the last week, we've started to see the results of that change. Private companies are starting to ship hundreds of thousands of tests. Drive-through testing stations are sprouting up all over America. But the explosion of new testing efforts will create challenges of its own. Josh Sharfstein, a professor at the Johns Hopkins University School of Public Health, argues that coordination will be increasingly important as the volume of testing increases. A Thursday story in The Wall Street Journal painted a picture of chaos as patients struggled to get tested—even after they've gotten a referral from a doctor to get a test. Some drive-through testing facilities have had long lines and unpredictable hours, the Journal reports. To get maximum value out of all this testing, officials are going to need to rationalize and streamline these testing processes. Patients need predictable rules for when they are eligible to be tested and a predictable process for actually getting a test and getting results. And public health officials need standardized ways of gathering test results Some labs are also suffering from a shortage of supplies, Axios reports. As we detailed in our February explainer, testing for the virus behind COVID-19 is a multi-step process that involves a number of chemical reagents. These chemicals are mostly available off-the-shelf, but the system isn't designed to handle sudden, massive spikes in demand. "We are keeping redundancy very much on the back of our minds," Harvard's Michael Mina told Axios. "There is a concern that some item might become out of stock and so as soon as we are live with our test, we will start validating other modifications." We saw this first-hand. On Thursday, Ars Managing Editor Eric Bangeman drove to a drive-through testing site near his home in the Chicago area to get some photos for this story. On Friday, the hospital hosting those tests announced it was suspending its drive-through testing program due to a shortage of test kits. Still, there's every reason to expect that testing providers will work out these kinks. The number of coronavirus tests soared this week, and we should expect that progress to continue in the coming weeks. And that's important because America is going to do a lot more testing to get the coronavirus outbreak under control. Federal missteps meant America started out behind on testing America started out behind on testing capacity due to a series of early mistakes by federal agencies. The story starts on January 31, when the Secretary of Health and Human Services declared the novel coronavirus to be a public health emergency. Due to a quirk in federal law, this declaration meant that anyone wanting to test for the coronavirus first needed to seek approval from the Food and Drug Administration. The FDA has a lot of discretion in how it uses that authority. The agency could have set up a streamlined process to allow a wide variety of organizations to create their own tests. But it didn't do that. The Centers for Disease Control was working on a coronavirus test, and initially the FDA decided not to allow anyone else to develop tests of their own. Unfortunately, when the CDC sent out an early batch of coronavirus testing kits to state and local laboratories, many of the labs were unable to validate the results. The CDC's efforts to troubleshoot this flaw wasted valuable time.With a limited number of tests available, the CDC initially limited testing to those who had recently traveled to coronavirus hotspots or those who had come into contact with a known coronavirus carrier. That made it difficult to track early cases of community spread within the US. Coronavirus tests are growing exponentially Enlarge / A drive-through COVID-19 testing site at Advocate Lutheran General Hospital in Park Ridge, IL. Eric Bangeman / Ars Technica Finally, on February 29, the FDA opened the door to other labs developing their own tests. Under the FDA's new framework, labs that met certain prior regulatory requirements would be allowed to begin using their own tests before they'd gotten explicit approval from the FDA. Under the new guidance, labs had a 15-day grace period after they began testing to file the necessary paperwork with the FDA. "That changed everything," one lab director told the New Yorker. "We didn’t have to wait to get the forms in and then wait for the response.” That decision opened the floodgates. In the last three weeks, the volume of coronavirus testing has grown exponentially. Data from the COVID Tracking Project shows that the total number of coronavirus tests performed in the US grew from fewer than 1,000 on March 4 to almost 10,000 by March 12 and more than 100,000 by March 19. Enlarge Eric Bangeman / COVID Tracking Project These numbers are still far from sufficient to get the coronavirus under control. South Korea, with about 15 percent of the US population, has tested 270,000 people. But America's testing capacity has been growing fast, and we can expect continued growth in the coming days and weeks. On Wednesday, Abbott Labs announced FDA approval of its coronavirus test. The company said it was "deploying 150,000 laboratory tests immediately" and was aiming to reach a million tests a week before the end of March. Another major medical testing provider, Roche, announced on Monday that it was planning to ship out 400,000 tests. "The test kits are being sent to a network of more than 30 hospital and reference laboratories in the US that already have the required instrumentation in place and have the ability to implement high-volume testing immediately." These are just two of many examples of US providers working to ramp up coronavirus testing capacity. With their help, the US will soon have far more coronavirus testing capacity than it has today. Why testing is important Testing isn't only important because it helps individual patients understand their medical conditions and guide their treatment—though that's obviously important. In an epidemic, testing is also crucial to help public health officials effectively direct resources, get the spread of the virus under control, and ultimately enable people to return to normal lives. Until recently, health care professionals and public health officials have been flying blind. They could only test a small fraction of the patients who exhibited coronavirus-like symptoms, and so they've tended to reserve tests for patients who exhibited severe, potentially life-threatening symptoms. Other patients are typically told to go home and self-isolate—without knowing for sure if they have the coronavirus. That uncertainty makes it hard to take precautionary steps to prevent further spread of the virus. If a patient is able to confirm that they have the coronavirus, then they (or public health officials) can warn friends, family, and other close contacts about the potential infection. Ideally, those people can get tested as well. But without a testing, public health officials don't know which cases to focus on. And large-scale testing will ultimately allow public health efforts to become more targeted, allowing more Americans to return to normal lives. That won't happen immediately, Johns Hopkins expert Josh Sharfstein told Ars. There are now so many coronavirus cases that it will require additional weeks of widespread social distancing measures to bring the outbreak under control. But as these measures start to have an impact and infection rates fall, testing will allow public health officials to precisely target further suppression efforts. Officials will be able to identify areas where the coronavirus has been stamped out and people can safely resume normal activities. They'll identify other areas that remain coronavirus hotspots and require more public health resources. As infections become rare and testing becomes plentiful, officials will be able to test close contacts of newly afflicted individuals, making it less likely that a single new coronavirus case will turn into a cluster of them. Source: America is finally testing for coronavirus in significant volumes (Ars Technica)

Facebook tried to block the referral but today an influential advisor to Europe’s top court has issued a legal opinion that could have major implications for the future of the EU-US Privacy Shield personal data transfer mechanism. It’s a complex opinion, dealing with a fundamental clash of legal priorities around personal data in the EU and US, which does not resolve question marks hanging over the legality of Privacy Shield . The headline take-away is that a different data transfer mechanism which is also widely used by businesses to transfer personal data out of the EU — so called Standard Contractual Clauses (SCCs) — has been deemed legally valid by the court advisor. However the advocate general to the Court of Justice of the European Union (CJEU) is also at pains to emphasize the “obligation” of data protection authorities to step in and suspend such data transfers if they are being used to send EU citizens’ data to a place where their information cannot be adequately protected. So while SCCs look safe — as a data transfer mechanism — per this opinion, it’s a reminder that EU data protection agencies have a duty to be on top of regulating how such tools are used. The reason the case was referred to the CJEU was a result of Ireland’s Data Protection Commission not acting on a complaint to suspend Facebook’s use of SCCs. So one view that flows from the opinion is the DPC should have done so — instead of spending years on an expensive legal fight. The backstory to the legal referral is long and convoluted, involving a reformulated data protection complaint filed with the Irish DPC by privacy campaigner and lawyer Max Schrems challenging Facebook’s use of SCCs. His earlier legal action, in the wake of the 2013 disclosures of US government mass surveillance programs by NSA whistleblower Edward Snowden, led to Privacy Shield’s predecessor, Safe Harbor, being struck down by the CJEU in 2015. On the SCCs complaint Schrems prevailed in the Irish courts but instead of acting on his request to order Facebook to suspend its SCC data flows, Ireland’s data protection watchdog took the unusual step of filing a lawsuit pertaining to the validity of the entire mechanism. Irish courts then referred a number of legal questions to the CJEU — including looping in the wider issue of the legality of Privacy Shield. It’s on those questions that the AG has now opined. It’s worth noting that the advocate general’s opinion is not binding on the CJEU — which will issue a ruling on the case next year. Although the court does tend to follow such opinions so it’s a strong indicator of the likely direction of travel. The opinion, by advocate general Henrik Saugmandsgaard Øe, takes the view that the use of SCCs for the transfer of personal data to a third country — i.e. a country outside the EU that does not have a bilateral trade agreement with the bloc — is valid. However, as noted above, the AG puts the onus on data authorities to act in instances where obligations to protect EU citizens’ data under the mechanism come into conflict with privacy-hostile laws outside the EU, such as government mass surveillance programs. “[T[here is an obligation — placed on the data controllers and, where the latter fail to act, on the supervisory authorities — to suspend or prohibit a transfer when, because of a conflict between the obligations arising under the standard clauses and those imposed by the law of the third country of destination, those clauses cannot be complied with,” the CJEU writes in a press release on the opinion. In a first reaction, Schrems highlights this point — writing: “The advocate general is now telling the Irish Data Protection Authority again to just do its job… After all the Irish taxpayer may have to pay up to €10M in legal costs, for the DPC delaying this case in the interest of Facebook. “The opinion makes clear that DPC has the solution to this case in her own hands: She [Helen Dixon] can order Facebook to stop transfers tomorrow. Instead, she turned to the CJEU to invalidate the whole system. It’s like screaming for the European fire brigade, because you don’t know how to blow out a candle yourself.” We’ve reached out to the Irish DPC and to Facebook for comment on the AG’s opinion. “At the moment, many data protection authorities simply look the other way when they receive reports of infringements or simply do not deal with complaints. This is a huge step for the enforcement of the GDPR [the General Data Protection Regulation],” Schrems also argues. Luca Tosoni, a research fellow at the Norwegian Research Center for Computers and Law at the University of Oslo, suggests that the likelihood of EU DPAs suspending SCC personal data transfers to the US will “depend on the Court’s ultimate take on the safeguards surrounding the access to the transferred data by the United States intelligence authorities and the judicial protection available to the persons whose data are transferred”. “The disruptive effect of a suspension of SCCs, even if partial and just for the U.S., is likely to be substantial,” he argues. “SCCs are widely used for the transfer of personal data outside the EU. They are probably the most used data transfer mechanism, including for transfers to the U.S. Thus, even a partial suspension of the SCCs would force a significant number of organizations to explore alternative mechanisms for their transfers to the U.S. “However, the alternatives are limited and often difficult to apply to large-scale transfers, the main ones being the derogations allowing transfers with the consent of the data subject or necessary for the performance of a contract. These are unlikely to be suitable for all transfers currently taking place in accordance with SCCs.” “In practice, the degree of disruption is likely to depend on the timing and duration of the suspension,” he adds. “Any suspension or other finding that data transfers to the U.S. are problematic is likely to speed up the modernization of SCCs that the European Commission is already working on but it is unclear how long it would take for the Commission to issue new SCCs. “When the Court invalidated the Safe Harbor, it took several months for the Commission to adopt the Privacy Shield and amend the existing SCCs to take into account the Court’s judgment.” On Privacy Shield — a newer data transfer mechanism which the European Commission claims fixes the legal issues with its predecessor — Saugmandsgaard Øe’s opinion includes some lengthy reasoning that suggests otherwise and certainly does not clear up questions around the mechanism’s legality which arise as a result of US laws that allow the state to harvest personal data for national security purposes, thereby conflicting with EU privacy rights. Per the CJEU press release, the AG’s opinion sets out a number of reasons which it says “lead him to question the validity of the ‘privacy shield’ decision in the light of the right to respect for private life and the right to an effective remedy”. The flagship mechanism is now used by more than 5,000 entities to authorize EU-US personal data transfers. Should it be judged invalid by the court there would be a massive scramble for businesses to find alternatives. It remains to be seen how the court will handle these questions. But Privacy Shield remains subject to direct legal challenge — so there are other opportunities for it to weigh in, even if CJEU judges avoids doing so in this case. Schrems clearly hopes they will weigh in soon, skewering Privacy Shield in his statement — where he writes: “After the ‘Safe Harbor’ judgment the European Commission deliberately passed an invalid decision again — knowing that it will take two or three years until the Court will have a chance to invalidate it a second time. It will be very interesting to see if the Court will take this issue on board in the final decision or wait for another case to reach the court.” “I am also extremely happy that the AG has taken a clear view on the Privacy Shield Ombudsperson. A mere ‘postbox’ at the foreign ministry of the US cannot possibly replace a court, as required under the first judgement by the Court,” he adds. He does take issue with the AG’s opinion in one respect — specifically its reference to what he dubs “surveillance friendly case law” under the European Convention on Human Rights — instead of what he couches as “the clear case law of the Court of Justice”. “This is against any logic… I am doubtful that the [CJEU] judges will join that view,” he suggests. The court typically hands down a judgement between three and six months after an AG opinion — so privacy watchers will be readying their popcorn in 2020. Meanwhile, for thousands of businesses, the legal uncertainty and risk of future disruption should Privacy Shield come unstuck goes on. Update: The Irish DPC has now responded to the opinion saying it welcomes the “clarity and analysis”. Head of communications, Graham Doyle, sent us this statement: The DPC welcomes the publication of the AG’s opinion. The opinion illustrates the levels of complexity associated with the kinds of issues that arise when EU data protection laws interact with the laws of third countries, to include the laws of the United States. Equally, the opening section of the opinion recognises the significant tensions that arise between, on the one hand, the need to show pragmatism, and on the other, “the need to assert the fundamental values recognised in the legal orders of the Union and its member states, and in particular, the Charter”. Some of the points of complexity engaged here go to matters of substance. To take just three examples: does EU law apply at all when data subject’s personal data is processed by public authorities in a third country (the AG believes it does); do US laws and practices facilitate interferences with the data protection rights of individuals that are incompatible with EU law (they do, in the view of the AG); and are those problems cured by Privacy Shield (no, in the opinion of the AG). Separately, the opinion notes that, in individual cases, the standard contractual clauses likewise may not provide an answer to the problems that arise when data transfers bring EU citizens’ data within the remit of US public authorities. At this point, procedural complexities also come into view. Specifically, who should intervene when, in the context of an individual transfer, the level of protection demanded by EU law cannot be maintained? Here, whilst acknowledging its imperfections, and the practical difficulties it presents, and notwithstanding the risk of fragmentation amongst supervisory authorities within the member states, the AG concludes that the approach settled upon by the EU in the context of the SCCs strikes an appropriate balance between pragmatism and principle. That approach is one in which responsibility for ensuring the protection of the data protection rights of EU citizens rests with controllers in the first instance and, in the view of the AG, with national supervisory authorities where a controller fails to discharge its obligations. Whilst noting that these issues are yet to be determined by the Court, the DPC welcomes the clarity of the analysis contained in the AG’s opinion. Facebook has also now sent us a statement, attributed to associate general counsel, Jack Gilbert: We are grateful for the Advocate General’s opinion on these complex questions. Standard Contractual Clauses provide important safeguards to ensure that Europeans’ data are protected once transferred overseas. SCCs have been designed and endorsed by the European Commission and enable thousands of Europeans to do business worldwide. We look forward to the final decision from the CJEU. Source