Categories
News

Global oil glut fuels thaw in US-Iran relations

The glut of global oil may be accelerating the thaw in relations between the U.S. and Iran.

The announcement on Saturday that economic sanctions against Iran have lifted frees roughly $100 billion to flow into Iran, which can resume oil exports. The end to the embargo came after United Nations inspectors certified that Iran honored commitments to dismantle major parts of its nuclear program.

The Iranians reportedly met their nuclear-related promises months ahead of schedule. The speed reflected in part a determination by Iranian President Hassan Rouhani to boost the flow of funds into the treasury before parliamentary elections slated for next month.

“They were highly motivated to get it done,” an American official told the Times, which notes that the falloff in oil prices has slashed the Islamic Republic’s national revenue.

Iran says it can produce 500,000 barrels of oil a day. That would add to an oversupply that has pushed prices to below $30 a barrel, their lowest in a dozen years.

The action by Iran to dismantle its nuclear program and the lifting of sanctions culminates a deal reached in July between the Iran and six world powers: the U.S., Britain, France, China, Russia and Germany.

The end of sanctions means that Iran can connect with the international financial system, and that Iranian business can trade with the EU. Details for trade between Iran and the U.S. may take longer to hammer out.

 

 

 

 

 

 

 

 

 

 

Categories
Privacy

The US and EU have three months to come to terms on trans-Atlantic data transfers

The United States and Europe have three months to work out a procedure for the transfer of personal data to the US from the EU, representatives of an independent advisory body that brings together data protection regulators from the EU’s member states announced on Saturday.

The announcement, by the EU’s Article 29 Working Party, gives guidance to businesses and other organizations that send data ranging from posts on social media to personnel records across the Atlantic following a ruling in October by the European Court of Justice (ECJ) invalidating a so-called safe harbor that had governed such transfers since 2000.

The ruling by the ECJ highlighted the cross-border flow of data and raised anew questions about the protections for privacy in a digital economy. It also upended the expectations of more than 4,000 companies, including tech giants such as Facebook, Amazon, and Google, that had certified compliance with the safe harbor to relay data from Europe to the US.

The statement by the Article 29 Working Group aim to allay fears by companies that the ECJ’s ruling might spur regulators in Europe to bring enforcement actions against companies for mishandling data transfers. In the meantime, companies can use contracts to assure privacy safeguards or adopt rules that protect the privacy of data transfers among corporate subsidiaries.

Officials on both sides of the Atlantic also say they will continue negotiations on a pact that can replace the safe harbor. If the sides cannot agree by the end of January, regulators in each of the EU’s member states will “take all necessary and appropriate action, including coordinated enforcement actions,” the Working Party said in its statement.

“Transfers of personal data are an essential element of the transatlantic relationship,” the group added. “The EU and the US are each other’s most important trading partners, and data transfers, increasingly, form an integral part of their commercial exchanges.”

The safe harbor reconciled differences in privacy protection between the US and EU, which holds that citizens have a fundamental right to privacy with respect to the processing of their data. The US regulates privacy by sector but lacks a national scheme.

The ECJ nullified the safe harbor as part of its resolution of a referral from Ireland’s high court, which had referred the matter to the ECJ following a ruling by the republic’s data protection commission (DPC) that the safe harbor preempted investigation of a claim an alleged violation.

The case began in June 2013,  when Max Schrems, then a law student at the University of Vienna, filed a complaint with the DPC charging that Facebook, which maintains its European headquarters in Dublin, sent at least some of the information he and his fellow citizens of the EU posted on the site to servers the company operates in the United States.

Schrems premised his complaint on leaks by Edward Snowden, who documented how the National Security Agency obtained information about users from Facebook, Google, and other tech firms. The surveillance, Schrems asserted, contravened the EU’s protections for personal data.

The ECJ agreed. According to the court, the National Security Agency’s ability to compel tech firms to hand over electronic communications provided by their users “must be regarded as compromising the essence of the fundamental right to respect for private life.”

In January 2014, the Obama administration and tech companies announced a deal that allows the companies to disclose information about data they are required to share with the government

Categories
cybersecurity Law

EU readies rules to bolster cybersecurity, require notice of data breaches

The European Union is readying an approach to cybersecurity that may subject services as Google and Facebook to breach notification requirements that mirror those for banks and health-care providers.

The Network and Information Security Directive, a proposal under consideration by the European Commission, would require companies in industries deemed critical to strengthen digital safeguards and report breaches to national authorities.

The directive represents one of the first attempts to legislate a rule for security breaches that crosses borders. That stands in contrast to the U.S., which has yet to adopt a national notification law and leaves companies to comply with a series of notification requirements set by states.

Members of the European Parliament who have been negotiating the rules have agreed to extend the reach of the directive to social networks, cloud computing platforms, commerce sites and other digital platforms, according to a report Friday by Reuters.

Under the terms of the directive, which was proposed in 2013, companies that operate so-called critical infrastructure in any of the 28 countries that constitute the EU will be required to report “significant security incidents” as well adopt measures to lessen the risk of cyber threats.

In addition to Internet companies, the directive would require companies in the financial, energy, health and transportation industries to report incidents “having a significant impact on the security of core services.” The EU currently requires telecommunications companies to report such incidents.

Members of the commission are expected to start work this September on a final version of the rule.

Ninety percent of large corporations and 74% of small businesses in the U.K. experienced a security breach in the past year, according to survey published recently by PwC.