The two-year dispute over US law enforcement interests and EU’s privacy laws could erupt in mid-July as the Court of Justice of the European Union (CJEU) decide if EU-US data transfers are legal.
GDPR critics, including European law enforcement authorities, have ramped up their criticism of the EU’s lack of clarity when it comes to identifying cybercriminals through domain names.
Following the European Commission’s evaluation report of the GDPR released on 24 June, critics have argued that the EU is continuing to ignore the threat that gaps in the regulation pose during the cybercrime crisis.
At the centre of the issue is the lack of access law enforcement officials have to the WHOIS database for identifying purposes. Prior to the implementation of GDPR in 2018, it provided an important tool for global law enforcement agencies.
The controllers of domain names became concerned that fulfilling law enforcement requests would result in them receiving fines for data breaches.
Critics are lobbying for EU privacy officials to solve the problem by affording law enforcement an exemption that would allow them to have access to domain name owners’ identities.
In a conversation with POLITICO, Sean Heather, senior vice president for international regulatory affairs at the US Chamber of Commerce said: “All of this has been a frustration for two years that has been building and building. The Europeans should make clear that this is not a violation of the GDPR.”
The EU has reinstated its position that it is the role of legal authorities in member countries to respond to law enforcement requests to identify domain name owners.
If the CJEU rules data transfers illegal under EU privacy laws, Washington will be expected to enhance its privacy laws once again.
US Deputy Assistant Secretary of State for Cyber, Rob Strayer, said this would be “so detrimental to transatlantic trade”.
The post EU law enforcement officials join US critics in lobbying for law enforcement exception in GDPR appeared first on PrivSec Report.