The German Federal Ministry for Digital and Transport (Bundesministerium für Digitales und Verkehr – BMDV) has drawn up a new draft bill which shall introduce:

  • (i) a statutory obligation for providers of number-independent interpersonal communication services (e.g. instant messaging services) to allow their users to use end-to-end encryption (“E2EE”), and (ii) a statutory transparency obligation for such providers to inform their users accordingly; and
  • a statutory transparency obligation for providers of certain cloud services to inform their users about how to use continuous and secure encryption (“Draft Bill”).

The Draft Bill (status 7 February 2024), which does not have any basis in EU law, is available here (German content).Continue Reading Germany’s government plans to introduce a statutory ‘right to encryption’ for users of messaging and cloud storage services

Digital Markets Act: Developments since its proposal  

Following the European Commission’s initial proposal of the Digital Markets Act (DMA) in December 2020, its adoption by the European Parliament in March 2022 and the entry into force on November 1, 2022, the DMA will finally apply from May 2, 2023. The DMA contains a list of obligations and prohibitions, subject to fines, that core platform services (CPS) provided by so-called gatekeepers must comply with in their daily operations. CPS should therefore be assessed at an early stage regarding whether or not they fall within the scope of regulation of the DMA.

As is set out in the following, the DMA poses significant business challenges for (potential)
gatekeepers, which should be addressed in a legally sound, comprehensive and systematic manner in order to prevent disruptions to the relevant businesses. Continue Reading Countdown to compliance: The DMA to apply to digital gatekeepers from May 2, 2023  

In Singapore, private sector organisations must generally comply with the transfer limitation obligation in the Personal Data Protection Act (the Act). Any transfer of personal data outside Singapore must be in accordance with the Act’s requirements, to ensure that a comparable standard of protection is accorded to that data.

However, where an organisation is a data intermediary, i.e., it processes personal data on behalf of and for the purposes of another pursuant to a written contract, that intermediary is not subject to the transfer limitation obligation, as specified in section 4(2) of the Act.Continue Reading Guidance given on Singapore cross-border data transfer obligation for intermediaries and cloud providers

Tuesday, December 4, is officially “E-Discovery Day” and Reed Smith is doing its part to participate. Join us as we host a free onehour webinar: “Discovery crossfire: Debating the controversial issues in E-Discovery.”

The program, scheduled for 12-1 p.m. ET, will feature debates on five controversial e-discovery

An international cybersecurity advisory panel formed by the Monetary Authority of Singapore (MAS) has recommended that all financial institutions in Singapore ensure that data stored on the public cloud is kept secure, and that they perform cybersecurity risk assessments on their third-party providers.

These proposals were raised at the panel’s second annual meeting, after its members had met with representatives from the Standing Committee on Cyber Security from the Association of Banks in Singapore, Life Insurance Association Singapore and General Insurance Association of Singapore.

The panel also noted that there had been an increase in use by financial institutions of application programming interfaces (APIs) to build software and applications. As use of such APIs could pose a greater risk of cyber threats, the panel suggested specific ways in which the institutions should combat such risk; for instance:

  • conducting “red-teaming” cyberattack simulations
  • securing network connections with any third party providers
  • monitoring for any suspicious cyber activity.

Continue Reading Monetary Authority of Singapore panel urges financial institutions to adopt cybersecurity measures

The European Union Agency for Network and Information Security (ENISA) has published a paper on the security challenges that arise from the convergence of Internet of Things (IoT) and Cloud computing. The paper is directed at IoT developers, IoT integrators and Cloud service providers, and concludes with a number of suggested steps to achieve secure solutions.

ENISA defines IoT as “a cyber-physical ecosystem of interconnected sensors and actuators, which enable intelligent decision making”. This would include, for example, smart homes, Fitbits and Apple Watches. ENISA divides the IoT ecosystem into three components, (i) devices, (ii) communications and (iii) Cloud platform, backend and services.

The growth of IoT in recent years has put pressure on Cloud computing to evolve in order to accommodate IoT’s needs, including aggregating, storing and processing the data that it generates. This resulted in a new model, the “IoT Cloud”.

The emergence of the IoT Cloud poses potential security risks, and ENISA is primarily concerned about the fact that IoT devices provide access to Cloud systems, and therefore any attack on an IoT device can potentially lead to a more widespread attack.Continue Reading Security challenges arising out of the convergence of Internet of Things and Cloud computing

In the wake of recent cyberattacks, cities and states are taking a stand.

On March 29, New York City (the City) Mayor Bill de Blasio announced NYC Secure, an initiative that will include a suspicious activity alert app for residents and security upgrades to the City’s public Wi-Fi networks.[1]The initiative is intended as a citywide effort to better protect citizens and mitigate systemic-level cyber threats to citizens or City infrastructure, not unlike the ransomware attack suffered by the City of Atlanta last month, which included the disabling of public Wi-Fi.[2]

 Hailed as New York City’s “first ever cybersecurity initiative,” NYC Secure will be developed and implemented by NYC Cyber Command, and will offer free resources to increase cybersecurity for residents and visitors to the Big Apple starting this summer. Core features of the app include alerting users to suspicious mobile device activity, identifying potentially malicious Wi-Fi networks, apps or websites, and providing tips for users to be more aware of their digital activities. While the app’s intentions are admirable, the City has already recognized the risks of improper implementation, particularly with respect to the potential for increasing the surface area of attack by creating another access point to user data.
Continue Reading Keys to the City: Recent developments in New York City address cybersecurity risks

On Tuesday, January 23, Lloyd’s of London co-published a report with AIR Worldwide highlighting the significant financial fallout that could occur in the event of a cyber incident or shutdown of a cloud computing provider in the United States, noting that losses could be to the tune of about $19 billion – of which only

Your business may license many different types of software and technology in the ordinary course. These licenses range from software installed on your internal network to use-rights in software-as-a-services (SaaS) models, where the programs reside on the vendor’s host systems and are accessed via the Internet (or in some other manner).

In each case, you are granted use-rights that define how the licensed materials can be used (for example, there may be a limit on the type of business for which the materials can be used), where they can be used (i.e., a territory or facility restriction), and who can use them.

Ensuring that the technology can be used by the appropriate people is one of the most overlooked items in a technology license.
Continue Reading Don’t Forget About Your Affiliates and Customers as Technology License End Users