BEERG Newsletter - Data Privacy: Senior FCC member goes after TikTok + EU red-faced?

Derek Mooney writes: In a strongly worded letter sent on June 24^th, Brendan Carr the senior Republican on the U.S. Federal Communications Commission (FCC) requested Apple and Google to remove TikTok from their app stores, citing its “pattern of surreptitious data” and accusing the Chinese video sharing App, which is popular with youngsters, of “…harvesting swaths of sensitive data that new reports show are being accessed in Beijing.” Carr shared his letter on Twitter a few days later in a series of tweets, saying that: 

“TikTok’s pattern of misrepresentations coupled with its ownership by an entity beholden to the CCP (Chinese Communist Party) has resulted in U.S. military branches and national security agencies banning it from government devices.” 

He highlighted that bipartisan U.S. political leaders in both the Senate and House had flagged similar concerns adding that:

“The CCP has a track record longer than a CVS receipt of conducting business & industrial espionage as well as other actions contrary to U.S. national security, which is what makes it so troubling that personnel in Beijing are accessing this sensitive and personnel data.”

Meanwhile… there were red faces in Brussels this week when it emerged that the EU Commission is facing a lawsuit over claims it violated its own data protection rules by transferring citizens’ personal data from one of its websites to the United States. Though the Commission, and other EU institutions, are exempt from the GDPR, they are covered by Regulation 2018/1725 and the provisions of the Schrems II judgement. 

The claim is being taken by a German citizen who claims that the Commission’s website on the Conference of the Future of Europe failed to disclose sufficient information on its data processing practices. The website was launched to encourage EU citizens to engage in the discussion on the future of the EU including online webinars and surveys. See this Euractiv article on the case, for more. 

We can hope that this case may spur someone in the EU Commission to reflect on the question which BEERG has posed several times: should every data breach constitute an offence? Shouldn’t an offence (and fines) only result from deliberate misconduct, and shouldn’t the authorities be required to prove actual misconduct?