Technology

A number of top executives are out at ZTE as the phone maker works to fulfill the requirements of U.S.-imposed restrictions. Among the big changes up top is new CEO Xu Ziyang, who formerly headed up the companyoperations in Germany. A new CFO, CTO and head of HR have been named, as well, according to The Wall Street Journal.

The move comes a few days after company slowly began to resume some business operations on a one-month waver, following a seemingly D.O.A. seven-year export ban. The ban was announced back in April, after the company failed to appropriately punish top employees over Iran/North Korean trade violations.

Trump, however, was quick to toss the company a lifeline, citing potential job loss in China. The Presidentwillingness to bail out ZTE has been met with staunch criticism by many, including members of his own party. A bipartisan push in Congress to reinstitute the ban began in Congress last month. Many of the issues appear to stem from ties to the Chinese government that also put Huawei in hot water with U.S. security orgs.

For now, however, the company appears to be springing back to life, as it rushes to comply with the most recent laundry list of restrictions. The moves come in the wake of a $1 billion fine and the effective freeze on operations as the company mulled a way forward without relying on products from U.S. businesses like Google and Qualcomm.

In that time, ZTE has lost billions, and grappled with other…inconveniences. Of course, even with these changes, the company isn&t out of the woods just yet. In addition to on-going financial issues, security and other concerns could be enough to put consumers in the U.S. and other countries off the company altogether.

The Model 3 can now park itself. Called Summon, the feature is now available on the companynew sedan.

Ita clever feature that takes advantage of the vehicleconnectivity and autonomous driving capabilities. With Summon owners can command their Model 3 to pull into a parking spot and power down. It can even control garage doors — all without a driver behind the wheel or controlling the vehicle remotely. Tesla added the feature to Model S and Model X vehicles last year.

This is the latest feature Tesla added to the Model 3 after its launch. The company is in a frenzy to keep up with production goals and the nature of the Model 3connected platform allows the company to added features to already-built vehicles.

The European Parliament has been making its presence felt today. As well as reopening democratic debate around a controversial digital copyright reform proposal by voting against it being fast-tracked, MEPs have adopted a resolution calling for the suspension of the EU-US Privacy Shield.

The parliamentarians& view is that the data transfer mechanism does not provide the necessary ‘essentially equivalent& data protection for EU citizens — and should therefore be suspended until US authorities come into compliance.

The resolution states that the parliament:

Takes the view that the current Privacy Shield arrangement does not provide the adequate level of protection required by Union data protection law and the EU Charter as interpreted by the European Court of Justice;

Considers that, unless the US is fully compliant by 1 September 2018, the Commission has failed to act in accordance with Article 45(5) GDPR; calls therefore on the Commission to suspend the Privacy Shield until the US authorities comply with its terms

The mechanism is currently used by more than 3,300 organizations to authorize transfers of personal data from the EU to the US, including the likes of Facebook, Google, Microsoft, Amazon and Twitter, to name just a few of the well-known tech names making use of the framework to authorize EU to US personal data transfers.

The EU-US Privacy Shield is not yet two years old but has always been controversial, given the mass surveillance/Snowden disclosure-related reasons for the demise of its predecessor (Safe Harbor).

Privacy Shield has looked especially precarious since the election of a US president with an openlyprivacy-hostile, anti-foreigner agenda. Andreforms to US laws that EU lawmakers had hoped would be enacted have not come to pass.

On the contrary, US lawmakers dug in entirely on warrantless surveillance(aka Section 702 of the Foreign Intelligence Surveillance Act), giving it six more years — and offering nothing in the way of the sought for reforms.

In todayresolution the parliament writes that it ®rets that the US did not seize the opportunity of the recent reauthorisation of FISA Section 702 to include the safeguards provided in PPD 28& — referring to an Obama era Presidential Policy Directive that backed extending privacy protections to non-US nationals (when a very different US president wrote that US signals intelligence activities &must take into account that all persons should be treated with dignity and respect, regardless of their nationality or wherever they might reside, and that all persons have legitimate privacy interests in the handling of their personal information&).

EU lawmakers have always wanted a more formal, robust and lasting commitment than a PPD, though, and privacy provisions for foreigners& data being included in FISA was their preferred outcome.Safe to say, Trump has not picked up that baton.

The parliament is also calling for &evidence and legally binding commitments& to ensure that data collection under FISA Section 702 is not &indiscriminate and access is not conducted on a generalised basis (bulk collection)& — which would be in contravention of the EUCharter on Fundamental Rights.

Specifically itbacking calls by the EUinfluential WP29 group, which is comprised of Member State data protection chiefs (aka what&snow known as the European Data Protection Board; EDPB) for an updated report from its rather less influential US counterpart, thePrivacy and Civil Liberties Oversight Board(which still only has one active board member listed on its website; yet another bone of contention for Privacy Shield compliance) to provide definition and detail on how US intelligence agencies are actually handling ‘bulk data&.

The parliament writes that it wants the PCLOB to report on &the definition of ‘targets&, on the ‘tasking of selectors& and on the concrete process of applying the selectors in the context of the UPSTREAM [aka the NSAInternet and telephone data collection program] to clarify and assess whether bulk access to personal data occurs in that context&.

The parliament is also angry that EU individuals have been excluded fromadditional protection provided by the reauthorisation of FISA Section 702 — saying it contains &several amendments that are merely procedural and do not address the most problematic issues& — with MEPs amping up pressureon the Commission, urging the EUexecutive body to &take the forthcoming WP29 analysis on FISA Section 702 seriously and to act accordingly&.

Privacy Shield was only officially adopted in July 2016, but EU lawmakers have been getting increasingly unhappy because core components of the framework have been left hanging by US authorities. Such as the ongoing lack of a permanent appointment to an ombudsperson role thatintended to act as a key arbiter for any data-related complaints from EU citizens, given the data controllers in question are in the US.

The parliament also raises concerns about the executive order signed by Trump in January 2017— aka the ‘Enhancing Public Safety& order, which stripped away privacy protections from non-U.S. citizens — saying that while Privacy Shield did not directly rest on the US Privacy Act related to this order, the substance of the order indicates &the intention of the US executive to reverse the data protection guarantees previously granted to EU citizens and to override the commitments made towards the EU during the Obama Presidency&.

So, as we wrote at the time, the trajectory of Trumpadministration vis-a-vis privacy and foreigners did not — and does not — bode well for smooth data flows between the two regions; aka the lifeblood of business — not just tech business.

Italso unhappy about the recent adoption of the Clarifying Lawful Overseas Use of Data Act (aka the Cloud Act), writing that this &expands the abilities of American and foreign law enforcement to target and access peopledata across international borders without making use of the mutual legal assistance (MLAT) instruments, which provide for appropriate safeguards and respect the judicial competences of the countries where the information is located&.

&The Cloud Act could have serious implications for the EU as it is far-reaching and creates a potential conflict with the EU data protection laws,& it adds — saying a more balanced solution would have been to strengthen the existing international system of MLATs &with a view to encouraging international and judicial cooperation&.

And, well, you can&t imagine treaty-ripping Trump getting cosy with that idea.

Pressure has especially stepped up on Privacy Shield in recent months, ahead of the mechanismsecond annual review — which is due to take place in October — as the review process should, in theory, provide some leverage for the EU over its US counterparts, as the Commission can hold up the threat of suspension for compliance failures.

Although, once the EC declares the annual review has passed, the lever arguably flips the other way — and Privacy Shield seemingly gets another yeargrace, with critics fobbed off with talk of ‘improvements to be made&, as happened at the first annual review last year.

Hence why EU parliamentarians are amping up the pressure now, ahead of the review, much likethe WP29 did last year.

The Libe committee also called for a suspension last month, raising pointed concerns about the adequacies of protection around EU citizens& data in light of the Facebook-Cambridge Analytica data misuse scandal.Europeans& data was among the up to 87M compromised accounts related to that scandal. Though there have been many other recently emerging instances of Facebook failing to lock down user data.

The company remains an active participant in the EU-US Privacy Shield framework, although it is nowunder investigation by the FTC— as a consequence of the Cambridge Analytica scandal. Several other federal agencies are also reportedly examining related statementsFacebook has made. So itfacing rising heat.Even as it remainslisted as an active participant inPrivacy Shield for now.

Any sanction or removal from the framework depends on US authorities judging an entity to have breached its obligations under the framework — and taking action.

Notably SCL Elections — a US subsidiary of the now defunct Cambridge Analytica — is now listed as inactive (it was still active just under a month ago).

The continued presence of any entity on the Privacy Shield list that has demonstrably failed to safeguard EU citizens& personal data must raise serious questions over how much actual protection the framework affords.

In a statement on the parliament resolution today, Libe committee chair and rapporteurClaude Moraes said: &This resolution makes clear that the Privacy Shield in its current form does not provide the adequate level of protection required by EU data protection law and the EU Charter. Progress has been made to improve on the Safe Harbor agreement but this is insufficient to ensure the legal certainty required for the transfer of personal data.

&In the wake of data breaches like the Facebook and Cambridge Analytica scandal, it is more important than ever to protect our fundamental right to data protection and to ensure consumer trust. The law is clear and, as set out in the GDPR, if the agreement is not adequate, and if the US authorities fail to comply with its terms, then it must be suspended until they do.&

Suspending the mechanism entirely would certainly concentrate minds in the US administration — given the thousands of US companies signed up to rely on it simplifying their business operations.

Were that to happen, many of these companies would be left scrambling to put in place alternative legal arrangements to authorize data transfers — or even have to suspend data flows altogether, depending on their threshold for legal risk. (Remember the EU also now has a tough new data protection framework.)

However only the European Commission can suspend the Privacy Shield mechanism itself.

And the Commission continues to stand behind the framework it worked with the US to shape and negotiate.Christian Wigand, a Commission spokesperson, told us it intends to continue to work with the US administration on improving the implementation of Privacy Shield.

In a statement he said:

The Commission takes note of the European Parliament resolution on the EU- U.S. Privacy Shield. The Commissionposition is clear and laid out in the first annual review report. The first review showed that the Privacy Shield works well, but there is some room for improving its implementation.

The Commission is working with the US administration and expects them to address the EU concerns. Commissioner Jourová was in the U.S. last time in March to engage with the U.S. government on the follow-up and discussed what the U.S. side should do until the next annual review in October.

Commissioner Jourová also sent letters to US State Secretary Pompeo, Commerce Secretary Ross and Attorney General Sessions urging them to do the necessary improvements, including on the Ombudsman, as soon as possible.

We will continue to work to keep the Privacy Shield running and ensure Europeandata are well protected. Around 4,000 companies are using it currently.

Therea wild card here too though: Privacy Shield is now facing serious legal questions in Europe, having been looped into what began as a separate legal challenge to another data transfer mechanism — used by the likes of Facebook — to authorize transfers of EU users& personal data to the US for processing.

That case recently resulted in a referral of various legal questions, including around Privacy Shield, to Europetop court — thereby posing what could be an existential threat to the whole arrangement. (Though Facebook is attempting to derail the referral, and has an appeal against set to be heard in IrelandSupreme Court later this month.)

While the Commission has a vested interest in defending and maintaining a framework it renegotiated so very recently, and which it can trumpet as as success given the number of businesses that have jumped on board, the CJEU will be looking at Privacy Shieldadequacy protections purely from the legal perspective — and, as happened with Safe Harbor in 2015, the court could decide the mechanism is legally unsound and strike it down at the stroke of a pen.

At which point the scrambling and renegotiating would begin all over again.

In its second plenary meeting today, the EDPB notes that Privacy Shield was among the topics discussed. The group says it also met with the actingUS ombudsperson responsible for handling national security complaints under the Privacy Shield, ambassador Judith Garber (who, nonetheless, is not a permanent appointee).

In a statement released after the plenary, it writes that the meeting withGarberwas &interesting and collegial& but did not provide a conclusive answer to its ongoing concerns, including around the ombudsperson role; the lack of formal appointments to the PCLOB; the lack of additional information on the ombudsperson mechanism; and further declassification of the procedural rules, in particular on how the ombudsperson interacts with the intelligence services.

&These issues will remain on top of the agenda during the second annual review,& it writes. &In addition, it calls for supplementary evidence to be given by the US authorities in order to address these concerns. Finally, the EDPB notes that the same concerns will be addressed by the European Court of Justice in cases that are already pending, and to which the EDPB offers to contribute its view, if invited by the CJEU.&