U.S. and European retailers agreed on a common approach to implement new EU regulations to better protect personal data, two industry groups announced Tuesday. The agreement between member companies of the National Retail Federation and EuroCommerce to implement the general data protection regulation (GDPR), which takes effect in May (see 1512160001 and 1702100030), came during meetings in Brussels. The agreement will help retailers with brick-and-mortar, website and mobile establishments face new compliance standards, more administrative requirements and bigger enforcement penalties for violations. Companies discussed data portability, consumer consent, profiling, data breach issues and the consumers' right to have their data removed under GDPR.

Fair use and safe harbor provisions should be included in a renegotiated North American Free Trade Agreement, the Re:Create Coalition said in a letter to U.S. Trade Representative Robert Lighthizer Thursday. If NAFTA is going to include copyright provisions, it must include enforcement measures and provisions like fair use in order to support the American economy and jobs, the letter said. Safe harbor provisions such as those included in the Digital Millennium Copyright Act helped internet growth, and fair use adds $2.8 trillion to the economy annually, the group said. It took issue with music industry groups that fear safe harbors would permit trading partners to be havens for piracy for those who illegally infringe on American content (see 1709200038).

Amazon’s Alexa and Echo devices are available by invitation in India and will roll out in Japan later this year, the company announced Wednesday. Customers who want to help the development of Alexa and Echo devices can request an invitation to buy the devices at www.amazon.in in exchange for a limited-time 30 percent discount and a year of Prime membership, it said. Devices are to ship at the end of the month.

The Irish High Court referred a case against Facebook's use of standard contractual clauses (SCCs) to the European Court of Justice, as expected (see 1702060029). The Irish court said in a Tuesday executive summary of the judgment that the Irish data protection commissioner (DPC) "raised well-founded concerns." Many companies use SCCs to transfer data abroad. Austrian privacy attorney Max Schrems, who challenged adequacy of the safe harbor agreement that led to EU-U.S. Privacy Shield, initially brought a similar complaint against SCCs to the Irish DPC in 2013. In the summary (provided by Schrems), the Irish High Court said the Privacy Shield's U.S. State Department ombudsperson didn't eliminate DPC concerns that SCCs provided inadequate protection. The ECJ must decide, said the Irish court, whether DPC authority to suspend or ban a data transfer to a company in a third country "is sufficient to secure the validity of the SCC Decisions." The judgment said only the ECJ can provide such "uniformity in the application" and "resolve the potential for inconsistent applications." A Facebook spokeswoman said the "ruling will have no immediate impact on the people or businesses who use our services. However it is essential that the [ECJ] now considers the extensive evidence demonstrating the robust protections in place under Standard Contractual Clauses and US law, before it makes any decision that may endanger the transfer of data across the Atlantic and around the globe.” SCCs are essential for thousands of companies, she said. Schrems welcomed the ruling: "Facebook seems to have lost in every argument.” BSA|The Software Alliance and the Electronic Privacy Information Center also commented.

The U.S. Trade Representative office received more than four dozen comments on its investigation into the Chinese government's tech transfer, IP and innovation policies and practices, which many filers said put U.S. companies and others at a disadvantage (see 1708150039). Comments were filed last week. The interagency Section 301 committee plans a 9:30 a.m. hearing Oct. 10 at 400 E St. SW, with post-hearing rebuttal comments due Oct. 20. BSA|The Software Alliance said the Chinese government's IP-related and market access policies and practices prevent foreign businesses from operating there "efficiently, or at all" and fail to protect IP and trade secrets. It said barriers are "particularly acute" in telecom and IT industries such as cloud computing, cross-border data flows, requirements for disclosing a company source code, and enterprise standards. The Telecommunications Industry Association said China's drive to boost its domestic industry is "accompanied by a more concerning attempt to undermine and shrink the role of U.S. and other foreign technology firms." TIA worries more security rules to vet foreign tech may disadvantage U.S. exporters selling to China's markets and could set a precedent for other countries. The Information Technology and Innovation Foundation said Chinese policies: "induce forced" tech and IP transfer across many advanced-technology industries; engage in state-directed foreign direct investment and mergers and acquisition that targets foreign enterprises as part of an effort to move China 'up the value chain' in those sectors; and coordinate cyber-based IP and technology theft. CompTIA said China's aggressive implementation and use of technical standards to support industries like the ICT sector creates major interoperability issues, lack adequate safeguards to protect IP, and are developed without sufficient transparency and participation rights for foreign companies. It wants the USTR to encourage the Chinese government to adapt tech-neutral policies and allow the market to choose technology and standards. China has taken positive steps to amend civil law to make clear trade secrets are subject to civil IP protection, but the American Bar Association Section of IP Law said it's "a significant problem." The ABA said "enforcement measures are inadequate, penalties are weak, bad faith registrations are a problem, and systemic counterfeiting and widespread piracy still needs to be addressed," including stronger copyright protections and damage awards for patent infringement.

A Department of Homeland Security rule that would collect "social media handles, aliases, associated identifiable information, and search results" on immigrants, including permanent residents and naturalized U.S. citizens, would chill free speech, said Center for Democracy & Technology CEO Nuala O'Connor Wednesday. DHS last week published a proposed rule, which takes effect Oct. 18, to expand collection of information on immigrants including social media data. O'Connor, a former DHS chief privacy officer, called the practice an "affront to basic human dignity" of individuals and families who would be subject to "overbroad and overly invasive rules." She said it would have a "chilling effect on online speech" and make it "impossible for immigrants to have pseudonymous internet identities, or to speak online without fear of government retribution." American Civil Liberties Union National Political Director Faiz Shakir said Tuesday DHS' "collect-it-all approach is ineffective to protect national security." A department spokeswoman said Wednesday the rule modifying the current records collection isn't new policy. "DHS, in its law-enforcement and immigration-process capacity, has and continues to monitor publicly available social media to protect the homeland," she said. "In an effort to be transparent, to comply with existing regulations, and due to updates in the electronic immigration system, DHS decided to update its corresponding Privacy Act system of records." The department is complying with administrative requirements of the act, she said.

There's a "marked increase" in organizations indicating their use or intention to use Privacy Shield from last year, blogged International Association of Privacy Professionals Publications Director Sam Pfeifle, summarizing early returns of the global IAPP-EY Privacy Governance Survey of 548 organizations. Last week, the EU and U.S. did an inaugural review of the framework, with a report coming out in October (see 1709210011) that could influence how the agreement may be changed. More than 2,500 organizations are self-certified under Privacy Shield, according to an International Trade Administration-hosted website. Pfeifle said 47 percent of organizations that say they will transfer personal data from the EU will use the trans-Atlantic data sharing framework, up from 34 percent in 2016 (see 1609150023). Sixty-seven percent of companies with fewer than 5,000 employees say they want to use Privacy Shield. Eighty-eight percent will use standard contractual clauses, up from 80 percent last year. Pfeifle noted that mechanism is being challenged in a European court (see 1607060009). He said the report will be released at IAPP's San Diego conference Oct. 16-18.

The International Trade Commission seeks comment by Oct. 20 on a general exclusion order banning imports of mobile device holders infringing patents held by Nite Ize, which requested the underlying Tariff Act Section 337 investigation. The company alleged lesser-known companies with names like Shenzhen Topworld Technology in the U.S. and China import and sell mobile device holders that copy its Steelie line used to hold mobile phones, tablets and other devices in a hands-free orientation, often attached to vehicle dashboards, said ITC in Friday's Federal Register. Shenzhen Topworld didn't comment.

Rob Strayer started work earlier this week as deputy assistant secretary of state-cybersecurity and international communications and information policy, and U.S. coordinator for international communications (CIC) and information policy, as expected (see 1708220059), the Computer & Communications Industry Association and two communications sector lobbyists separately confirmed. Strayer entered the role with foreign policy experience via his previous role as legislative director and general counsel to Senate Foreign Relations Committee Chairman Bob Corker, R-Tenn., and cyber policy experience in a past role as director of the Bipartisan Policy Center’s Homeland Security Project. Strayer's appointment to an expanded DAS role appears to confirm earlier concerns that State's Office of Coordinator for Cyber Issues could be absorbed into another departmental office (see 1708030009), one industry lobbyist said. Strayer's expanded role gives him authority over cyber and international telecom policy issues, but it's unclear whether the cyber issues office was absorbed into the CIC office, a lobbyist said. The White House, State and Corker's office didn't comment. Strayer acknowledged his move to State in a Monday tweet, but didn't disclose his role. Strayer moved to State without any formal White House announcement because President Donald Trump's administration is “still working through” whether to also nominate him at the level of an ambassador, as other presidents have done in naming past CICs, a telecom lobbyist said. The CIC role doesn't require Senate approval but all ambassadors go through the nominations process via Senate Foreign Relations. Nomination of the CIC as a U.S. ambassador can be important since the person in that role often has led the U.S. delegation to ITU conferences, the telecom lobbyist said. Strayer's appointment “is strategically important to ensure the U.S. has a strong voice at the table as key negotiations take place on issues from trade to tech policy, which impact the growth of the fastest growing sector of the U.S. economy at home and abroad,” said CCIA President Ed Black. “Given the importance of his portfolio, we hope that the Deputy Assistant Secretary receives an Ambassadorship to aid him in advocating.”

European Justice Commissioner Vera Jourová "stressed the importance of a robust and trustworthy annual review [of the Privacy Shield], given the concerns of European stakeholders" to Commerce Secretary Wilbur Ross, said a European Commission spokesman in a statement Monday. Acting FTC Chairman Maureen Ohlhausen and representatives of European data protection in Washington also attended the launch of the EU-U.S. Privacy Shield review was also attended. The EC spokesman said Jourová emphasized the review should show how U.S. commitments are being met, that the underlying U.S. legal framework remains in place and oversight mechanisms, namely the State Department ombudsperson, are functional. Experts said the review may find faults within the framework, but expect the agreement to be maintained (see 1708210043). Jourová and Ross plan to meet Wednesday to discuss how the review went and areas to address or if more information is needed to complete it, the EC spokesman said. Jourová, he said, plans to issue a report in the second half of October. In a statement, Jourová said the meeting with Ross was "good and honest ... I am glad to be reassured that America First doesn't mean America only." Commerce didn't comment and the White House said last week the U.S.'s commitment "cannot be stronger." The Computer & Communications Industry Association and U.S. Council for International Business joined others (see 1709150024) supporting the agreement and review. USCIB said the framework is promoting stronger protections of people's personal data and is an effective mechanism for certification by small- and medium-sized businesses. It said longevity of the agreement is important. Nearly 2,500 businesses are certified under the agreement, according to the Privacy Shield website.