UN Evidence Conference in San Francisco

Exploring the Impact of CLOUD Act and GDPR on Tech Startups at the UN Evidence Conference

July 26, 2018

Imagine you’re the CEO of a new social media startup. One morning, you wake up to see an urgent email request from a French prosecutor. “We’ve recently had a homicide in Paris. A member of your social network is the prime suspect and we have reason to believe that information shared by this user on your network will help solve this case. We need all of the data for this user immediately. Please respond with the information requested within 24 hours.” After researching the name and email of the prosecutor to make sure the it’s legitimate, what do you do?

Your network’s moderation technology blocks a post that encourages people to join a terrorist organization. Do you report the post to law enforcement, or something else?

A German citizen who uses your network contacts your company and demands that you remove a series of posts he’s made that discuss ISIS. What do you do?

The Challenges of Reacting to Difficult Legal Situations as a Tech Startup

With people and organizations working harder than ever to exploit the internet to commit crimes and grow terrorism efforts, events like those above occur daily. For small technology companies, it can be challenging to know how to respond. A single mistake could put a startup at risk of legal and financial repercussions.

There is building pressure on startups to handle these situations properly from government agencies, who are racing to enact legislation to get ahead of criminal threats, protect privacy, and counter terrorist activity. But with few legal resources available to navigate the complex legislation being rolled out across the globe, how can an early-stage company hope to keep up?

The good news is that small companies in this space are not alone. International and domestic institutions are helping early-stage tech companies understand how to effectively follow new legislation and handle questionable situations while still protecting their business interests.

UN Evidence Conference in San Francisco

UN Evidence Conference

On July 12, 2018, After School’s Jeff Collins attended the UN Evidence Conference in San Francisco. The four-hour event, titled Lawful Access to Digital Data Across Borders, was held to “facilitate a public-private sector dialogue on key recent developments.” Officials from the EU, U.S. Department of Justice, and UN provided guidance on how companies large and small should approach compliance in a time when many legal gray areas still exist. The main discussions centered around the CLOUD Act and GDPR (General Data Protection Regulation). Participants included Google Senior Counsel Einat Clarke, Uber Law Enforcement Lead Wade Stormer, Tom Dettore from the U.S. Department of Justice, and others.

This legislation is impacting tech companies and how they can collect, maintain, and use data both internally and externally. After School works to ensure that we’re fully compliant with the GDPR, CLOUD Act, and similar laws. These events help organizations like ours stay up to date and in compliance with new legislation.

Event organizers and attendees toured the After School headquarters in San Francisco with Collins after the event. Collins discussed the ins and outs of After School, our challenges as a tech startup, and how the assistance of these groups and individuals helps us as we expand. UN and NGO representatives inquired about how they could most effectively help startup like After School.

Startups traditionally have limited resources, restricting their ability to grow while adapting quickly to new laws and requirements around data. One common communication received by startups, especially within the social media industry, is an evidence request, similar to what the French prosecutor requested in the first example. The UN previewed a draft of the “Guide for Practitioners on Digital Data” at the conference. This soon-to-be-released guide provides startups, law enforcement, and others with instructions on how to request and process preservation and evidence requests when a crime or potential crime has been committed. These resources help ease the burden that GDPR and the Cloud Act put on early-stage companies, and help foster collaboration between law enforcement, companies, and the judiciary system.

“According to event organizers, after a crime is committed, the first question typically asked by law enforcement is ‘what is person’s email, can I access their email records?’” said Collins. These requests can help solve crimes when the information is available, however, privacy concerns and questions about the responsibility of technology companies to provide this information remain in question. Through collaboration and similar efforts, we can overcome these challenges. 

After School continues to partner with nonprofit organizations, work alongside other companies, and cooperate with government agencies and officials to assist in preventing crimes and the spread of terrorism while protecting the privacy of users. For more information on After School’s data privacy and protection policies and procedures, please contact press@afterschoolapp.com.

Read More