Wanner Delivers Stakeholder Intervention at UN on New Cybercrime Convention 

Barbara Wanner

This week, the United Nations convened a meeting to finalize a new draft UN Convention that would counter the use of ICTs for cybercrime. USCIB Vice President for ICT Policy Barbara Wanner was on the ground in New York and delivered a stakeholder intervention that focused on the scope of the Convention and data protection safeguards.

The negotiation for the text of this new Convention, officially called the “Ad Hoc Committee to Elaborate a Comprehensive International Convention on Countering the Use of Information and Communications Technologies for Criminal Purposes,” aims to address the abuse of information technologies to scale and speed crimes such as terrorism, human trafficking, smuggling of migrants, drug trafficking, and illicit manufacturing and trafficking in firearms.    

Wanner’s intervention reflected comments also made by the International Chamber of Commerce (ICC), USCIB member Microsoft, and the Cybersecurity Tech Accord. 

“The Convention should align with existing instruments and data protection standards to avoid conflict of laws, confusion, delays, increased costs, and potential cooperation breakdown,” said Wanner. Wanner also addressed the draft’s provisions for government access to personal data without appropriate safeguards, which relate to a wide variety of cyber-enabled crimes that are not currently defined in the draft.

“Combined with the lack of clarity on jurisdiction for this category of crimes, data custodians will have no way of determining whether government requests for data access are reasonable and proportional,” added Wanner. 

Wanner referenced the OECD Declaration on Government Access to Personal Data Held by Private Sector Entities, adopted in December 2022, as a good model.  

“The OECD framework aims to clarify how national security and law enforcement agencies can access personal data under existing legal frameworks,” added Wanner. 

EU-U.S. Data Privacy Framework (EU-U.S. DPF)

The United States Council for International Business (USCIB) advances the global interests of American business both at home and abroad. It is the American affiliate of the International Chamber of Commerce (ICC), the Business and Industry Advisory Committee (BIAC) to the OECD, and the International Organisation of Employers (IOE). As such, it has agreed to act as a trusted third party on behalf of the European Union (EU) data protection authorities (EU DPAs).

Background

The EU-U.S. Data Privacy Framework (EU-U.S. DPF), as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from EU member countries to companies in the United States, requires that participating U.S. companies have in place appropriate independent recourse mechanism/s (IRMs) for dispute resolution.  Any company may choose the EU Data Protection Authorities (EU DPAs) to serve as an IRM for dispute resolution; however, any company that wishes to cover ‘human resources data’ (i.e., personal information about employees, past or present, collected in the context of the employment relationship) under its self-certification of compliance pursuant to the EU-U.S. DPF must use the EU DPAs as the IRM for that category of data.

On July 10, 2023, the European Commission’s adequacy decision for the EU-U.S. DPF entered into force. The EU-U.S. DPF Principles entered into effect as of the same date. U.S.-based organizations that self-certified their commitment to comply with the EU-U.S. Privacy Shield Framework Principles must comply with the EU-U.S. DPF Principles, including by updating their privacy policies by October 10, 2023. Those organizations do not need to make a separate, initial self-certification submission to participate in the EU-U.S. DPF and may begin relying immediately on the EU-U.S. DPF adequacy decision to receive personal data transfers from the European Union / European Economic Area. The updating and renaming of the privacy principles under the EU-U.S. DPF does not change such an organization’s re-certification due date. Organizations that self-certified their commitment to comply with the EU-U.S. Privacy Shield Framework Principles, but do not wish to participate in the EU-U.S. DPF, must complete in accordance with International Trade Administration (ITA) procedures the withdrawal process referred to in section (f) of the Supplemental Principle on Self-Certification.

Effective July 17, 2023, eligible organizations in the United States that wish to self-certify their compliance pursuant to the UK Extension to the EU-U.S. DPF may do so; however, they may not begin relying on the UK Extension to the EU-U.S. DPF to receive personal data transfers from the United Kingdom (and Gibraltar) before the date that the United Kingdom’s anticipated adequacy regulations implementing the data bridge for the UK Extension to the EU-U.S. DPF enter into force. Organizations that wish to participate in the UK Extension to the EU-U.S. DPF must also participate in the EU-U.S. DPF.

On July 17, 2023, the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) Principles will enter into effect. Organizations that self-certified their commitment to comply with the Swiss-U.S. Privacy Shield Framework Principles must comply with the Swiss-U.S. DPF Principles, including by updating their privacy policies by October 17, 2023. Those organizations do not need to make a separate, initial self-certification submission to participate in the Swiss-U.S. DPF; however, they may not begin relying on the Swiss-U.S. DPF to receive personal data transfers from Switzerland until the date of entry into force of the Swiss Federal Administration’s anticipated recognition of adequacy for the Swiss-U.S. DPF. The updating and renaming of the privacy principles under the Swiss-U.S. DPF would not change such an organization’s re-certification due date. Organizations that self-certified their commitment to comply with the Swiss-U.S. Privacy Shield Framework Principles, but do not wish to participate in the Swiss-U.S. DPF, must complete in accordance with ITA procedures the withdrawal process referred to in section (f) of the Supplemental Principle on Self-Certification.

For all companies that have chosen or are required to use the EU DPAs as the IRM for dispute resolution (i.e., have agreed to cooperate with and comply with the advice of the EU DPAs concerning the investigation and resolution of complaints brought under the EU-U.S. DPF Principles), an annual fee must be paid to the USCIB in the amount of US $50.00 to cover the operating costs of the EU DPA panel. The USCIB has agreed to serve as the custodian of the funds collected through the EU DPA panel fee, but does not itself serve as an IRM.

Payment to USCIB

You may use the following link to pay US $50.00 to cover the operating costs of the EU DPA panel — https://dataprivacyframework.uscib.org/. A company’s payment of this fee to USCIB does not obviate the need for that company to self-certify its commitment to the EU-U.S. DPF. Information concerning the self-certification process under the Data Privacy Framework (DPF) program administered by the U.S. Department of Commerce, and other resources concerning the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF is available on the Department’s DPF program website: https://www.dataprivacyframework.gov/.

Digital Policy

Trends and Challenges Facing the ICT Sector:

  • The digital transformation of the economy affecting areas from trade to tax to labor as well as emerging technologies such as AI, IoT and Blockchain
  • The efforts of some UN Security Council members to bring governance of the Internet, management of the domain names system and cybersecurity norms and regulations under the purview of the UN and other intergovernmental forums
  • Privacy regulations that prove overly burdensome to business operations or hamper innovation

USCIB’s Response:

Magnifying Your Voice with USCIB:

  • USCIB is the only U.S. business association formally affiliated with the world’s three largest business organizations, where we work with business leaders across the globe to extend our reach and influence policymakers in international markets key to American business
  • Build consensus with like-minded industry peers and participate in off-the-record briefings with policymakers both at home and abroad.


Chair

JoAnn Stonier
Mastercard Fellow of Data and AI
Mastercard

Regional and Global Approaches to Digital Policy Task Force

Carolina Costa
Head of Government Relations, Latin America
RELX Group

Chris Wilson
Senior Manager, Public Policy
Amazon

UN Internet Governance Task Force

Flavia Alves
Head of International Institutions & Relations
Meta

Diogo Ide
Senior Program Manager
Microsoft

Staff

Barbara Wanner
Vice President, ICT Policy
202-617-3155 or bwanner@uscib.org

Nan Schechter
Program and Policy Associate, Digital Issues
202-682-7465 or nschechter@uscib.org

Wanner Provides Input to Global Digital Compact on Behalf of US Business

A United Nations Intergovernmental Process road map on the Global Digital Compact has been announced by co-facilitators Rwanda and Sweden. To gather input for this new road map, the UN held a consultation with the private sector and the technical community on February 10. USCIB Vice President for ICT Policy Barbara Wanner spoke on behalf of the U.S. private sector, alongside the International Chamber of Commerce (ICC) and ICC-UK.

Wanner’s intervention focused on three issues—internet fragmentation and the growing digital divide, data protection, and the potential of Artificial Intelligence (AI). Throughout her intervention, Wanner urged the Co-Facilitators to continue establishing meaningful ways for stakeholders, like the private sector, to participate in all aspects of the Compact’s development. According to Wanner, multistakeholder cooperation and input will best leverage the expertise of the private sector and civil society and avoid unanticipated consequences.

“The involvement of stakeholders holds the best chance of success and garnering broad support,” she stated.

Regarding internet fragmentation and the digital divide, Wanner noted that various technical, legislative, and policy developments, such as restrictions on data flows, interference with free expression and Internet shutdowns in recent years have caused fragmentation and digital divides to grow.

“Such fragmentation is disrupting the open, interconnected and interoperable Internet and undermining the associated benefits to economic and societal well-being,” said Wanner.

On data protection, Wanner stated that the Compact’s call for data protection and the need to foster trust involves ensuring a safe and empowering online experience.

“USCIB encourages cooperation across government, business, and society to help individuals, especially youth and vulnerable groups, make healthy decisions online, stay safe, build resilience, and develop 21st century skills to thrive in the digital world,” emphasized Wanner.

Regarding AI, Wanner noted the potential of AI to address economic and societal inequalities and environmental challenges but that AI governance policies should be carefully considered to ensure they are narrowly tailored to address specific concerns as they arise.

USCIB also submitted more detailed comments to the UN Tech Envoy’s office.

Business Explores Approach to DNS Abuse Mitigation, Ukraine Crisis Hangs over ICANN

For more than two years, members of the Domain Name System (DNS) user community have highlighted the need for more effective Internet Corporation for Assigned Names and Numbers (ICANN) policies and contractual tools to crack down on abuse in the DNS, which spiked during the COVID-19 crisis. ICANN 73, held virtually on March 7-10, featured a plenary that sought to grapple with DNS abuse mitigation in a more focused and actionable manner. Using as reference an academic study commissioned by the European Commission, plenary speakers explored the distinction between maliciously registered domain names versus compromised domain names and discussed why this differentiation is important for timely mitigation.

According to USCIB Vice President for ICT Policy Barbara Wanner, who participated as an industry representative, panelists underscored the need for the ICANN community to work together to address this challenge, recognizing that a one-size-fits-all approach may not be appropriate, that DNS users and providers will have to work both inside the ICANN community as well as reach out to “adjacent organizations” like hosting services to develop effective redress, and that “proportionality of harm” must be considered.

Not surprisingly, according to Wanner, the crisis in Ukraine was top-of-mind for all participants, who offered various views about an appropriate response by ICANN and its constituents. On February 28, the Government of Ukraine asked ICANN to revoke permanently or temporarily the domain name certificates for “.ru,” “.su” among others as sanctions for Russia’s invasion of Ukraine, “… a clear act of aggression and a manifest violation of Article 2.4 of the UN Charter.”

Ukraine’s letter to ICANN CEO Goran Marby further justified such sanctions on grounds that “… atrocious crimes have been made possible mainly due to the Russian propaganda machinery using websites continuously spreading disinformation, hate speech, promoting violence and hiding the truth regarding the war in Ukraine.”

Marby responded that ICANN would not intervene in this conflict. While expressing personal concern about Ukrainians’ well-being as well as the “terrible toll being exacted on your country,” he wrote to Ukrainian authorities that ICANN’s mission “does not extend to taking punitive actions, issuing sanctions, or restricting access against segments of the Internet — regardless of the provocations.”

“On March 6, however, the ICANN Board decided to allocate an initial sum of $1 million to be used to provide financial assistance to support access to Internet infrastructure in emergency situations, noting that the distribution ‘will focus on maintaining Internet access for users within Ukraine,’” said Wanner.

On March 7, ICANN further clarified that events in Ukraine would formally be considered an “extenuating circumstance” under Section 3.7.5.1 of the 2013 Registrar Accreditation Agreement (RAA). This means that registrars now have the flexibility to extend the domain name registration renewal period for domain name holders in affected areas.

ICANN Board Chair Maarten Botterman further clarified on March 10 that the Board will shortly consider policy advice from the Country Code Names Supporting Organization (ccNSO) aimed at retiring the “.su” domain name.

Wanner Makes Intervention at UN Meeting on Security and Use of ICTs

On the occasion of the second meeting of the United Nations Open-Ended Working Group (OEWG) on the Security of and Use of ICTs on December 16, USCIB Vice President for ICT Policy Barbara Wanner delivered an intervention on behalf of stakeholders during a virtual stakeholder consultative discussion with the Chair of the Group, Ambassador Burhan Gafoor.

Wanner’s intervention highlighted many of the points that USCIB had already made in a letter submitted to the Ambassador on December 9, prior to the intervention. The letter was co-signed by 147 stakeholders from non-governmental organizations, states and regional organizations as well as individuals. It expressed an overarching commitment to a successful OEWG process and a belief that the process is likely to have a far-reaching impact on many stakeholders, including impacts on communities and individuals. The letter also emphasized the importance of an open, transparent and inclusive dialogue that would provide the basis for stakeholders to play a role in implementing the decisions and which would take into consideration their ability to participate and contribute to the outcome.

“We urge you to stay true to your commitment to continue to leverage the expertise of non-governmental stakeholders in a ‘systematic, sustained, and substantive manner’ in order to effectively build upon the work of the first OEWG,” said Wanner.

Wanner also stressed the need for transparency, both in terms of the development of texts, and the accreditation process for non-governmental stakeholder participation. She also emphasized the need to continue using a hybrid format for meetings to facilitate the participation of delegates and stakeholders who cannot travel to New York.

“This approach will remain critical as we continue to battle the global pandemic. It also will enable full transparency of the proceedings as mentioned previously,” she added.

Wanner Receives ‘2021 Community Recognition’ for Leadership Role in ICANN

Barbara Wanner at an ICANN meeting in 2017

USCIB Vice President for ICT Policy Barbara Wanner, who has served as a Business Constituency on ICANN since 2013, has received a 2021 Community Recognition for her dedication to ICANN’s mission and for her invaluable contributions. Wanner is among forty-nine other community leaders to have received a Community Recognition this year.

“The ICANN Board, community, and organization are grateful for the community’s tireless efforts and cooperative spirit shown over the last year,” said David Olive, ICANN Senior Vice President for Policy Development Support and Managing Director for Washington DC. “The collaborative contributions that community members have made through our Supporting Organizations, Advisory Committees, and other groups are central to supporting ICANN’s mission. ICANN org is proud to help facilitate this work toward ensuring the security, stability, and resilience of the Internet.”

“I am honored to have received this recognition from ICANN,” said Wanner. “USCIB’s role in ICANN ensures that policies governing management of the domain name system (DNS) continue to uphold safe, secure, sustainable and resilient operation of the DNS system and the functionality of the Internet. I look forward to continuing to work with my peers and colleagues at ICANN, along with USCIB members to furthering this crucial goal.”

The ICANN Board passed a formal resolution to recognize community leaders.

USCIB Letter Urges Agreement on EU-US Personal Data Flows

USCIB submitted a letter to both the U.S. Secretary of Commerce Gina M. Raimondo and the European Commissioner for Justice Didier Reynders regarding the transatlantic agreement on EU-U.S. personal data flows.

The July 14 letter, signed by a variety of sectors across the transatlantic business community, urged a swift agreement for a new, strengthened EU-U.S. framework.

The letter noted: “we were encouraged by the recent EU-U.S. Summit commitment to ‘work together to ensure safe, secure, and trusted cross-border data flows that protect consumers and enhance privacy protections, while enabling Transatlantic commerce’ and to ‘strengthen legal certainty in Transatlantic flows of personal data.’”

According to the letter, thousands of European and American companies continue to be impacted by the EU’s Court of Justice judgement that invalidated the EU-U.S. Privacy Shield Framework just over a year ago.

“USCIB’s ICT Policy Committee will continue to monitor the Privacy Shield negotiations closely and engage with appropriate U.S. Government officials given the importance of a new sustainable transfer framework agreement to reinvigorating both U.S. and EU economic and business interests,” said Barbara Wanner, USCIB vice president for ICT policy.

Digital Economy Conference Assesses a Decade of OECD’s Internet Policy Principles

Digital Economy Conference panelists and speakers

USCIB, Business at OECD (BIAC), and the OECD held another successful Digital Economy conference on May 25, which focused on a decade of OECD’s Internet Policy Principles (IPPs) and was aptly titled “Policymaking in a Data-Driven World.” Distinguished speakers from the OECD and both the public and private sectors provided insights and expertise during the event: AT&T, Facebook, Microsoft, Google, IBM Ireland, Walmart, the Inter-American Development Bank, the U.S. Department of State, the U.S. Department of Justice, the Office of the Director of National Intelligence, the Center for Democracy and Technology, the Global Internet Forum to Counter Terrorism, MIT, Georgetown University and others.

The IPPs, adopted in 2011, have underpinned the OECD’s evolving work on digital economy issues. The COVID-19 pandemic, which has required many to conduct their lives primarily digitally, highlighted the salience of the IPPs, with their calls for global free flow of information and services, multistakeholder participation in policymaking, and consistent and effective privacy protections and cooperation to ensure Internet security.

“History will likely show that the IPPs were one of the OECD’s more noteworthy contributions to policymaking in a digital economy world,” said USCIB President and CEO Peter Robinson during his opening remarks.

Moreover, these themes have been echoed in recent digital economy work of the United Nations, the U.N. Internet Governance Forum and other multilateral bodies. The virtual conference also considered how the IPPs have been reflected in some of the OECD’s ground-breaking digital work – such as development of the Artificial Intelligence (AI) Principles and how IPPs may be employed to address challenges posed by the rapid pace of digital innovation and related changes to the digital ecosystem.

“Over this past year with the COVID-19 pandemic, we have witnessed an incredible acceleration of the digital transformation which has made our cooperation with the OECD all the more important,” said BIAC Executive Director Hanni Rosenbaum. “We see this third phase of the digital project as a key opportunity to advance, among others, secure and globally interoperable policy frameworks for responsible data sharing and collaboration on cross-border data flows with trust.”

The conference was the fifth Digital Economy conference organized by USCIB, BIAC and OECD, and the second conference in the series that has commemorated the late Joseph H. Alhadeff.

USCIB Members Address Network Security During Crises, Environmental Sustainability at IGF

The fifteenth Internet Governance Forum (IGF), which was held in two phases November 2 - November 17, featured expert commentary from USCIB members that addressed two of the key thematic pillars of this year’s event – trust and improving the environment. Chris Boyer (AT&T) moderated a USCIB-organized workshop, in which Kathryn Condello (Lumen) highlighted how business and government closely collaborated from the earliest days of the COVID-19 pandemic to ensure secure, stable and reliable connectivity and, in so doing, create a framework for trust in the online environment.

In another USCIB-organized workshop, Matt Peterson (Amazon) and Caroline Louveaux (Mastercard) described their respective companies’ efforts to leverage technologies and their networks to address the planet’s environmental challenges through such initiatives as Amazon’s “Climate Pledge Fund” and Mastercard’s “Priceless Planet Coalition.”

According to USCIB Vice President for ICT Policy Barbara Wanner, both USCIB workshops attracted thirty-five to fifty virtual attendees from stakeholder groups throughout the world and garnered praise for the relevance and insightfulness of speakers’ comments in view of the still-rampant pandemic and challenges to the global environment.

Under the overarching theme “Internet for human resilience and solidarity,” the annual IGF was hosted virtually by the United Nations given COVID-related travel restrictions. Given its virtual nature, the IGF Secretariat estimated that the event brought together more than five thousand leaders and stakeholders of all sectors and all parts of the world, to discuss the impact of the Internet on our lives within four key thematic tracks: (1) Data; (2) Environment; (3) Inclusion and (4) Trust. As mentioned, USCIB members chose to showcase their corporate expertise under the trust and environment themes in two of the more than 200 IGF workshops.