Cyber Week in Review: July 12, 2019

France Approves Digital Service Tax: France approved a 3 percent Digital Services Tax (DST) on revenues that large tech companies, particularly those in the digital advertising and e-commerce industries, earn from providing digital services to French customers. The bill addresses long-held frustrations in the use of  complex financial structures or subsidiaries in low-tax areas that allow companies to avoid paying taxes in France and other European countries. In response to these tax moves, the Office of the U.S. Trade Representative has said it will initiate an investigation into the tax, claiming that it unfairly targets American companies.

The DST comes as France is working within multilateral organizations to overhaul the corporate taxation system for the digital age. France was one of the most vocal proponents of closing tax loopholes for multinationals in discussions among G20 finance ministers last month. The ministers are to produce a consensus-based solution with a final report by 2020.

UK Fines Companies for Data Breaches under GDPR: The U.K. has announced its intention to fine British Airways and Marriott International for breaches that compromised the personal and financial data of hundreds of thousands of customers. The penalties, a proposed $230 million for British Airways and $123 million for Marriott, would be the largest-to-date under the EU’s General Data Protection Regulations (GDPR). This move gives greater clarity into how EU regulators will determine whether the security measures a company undertakes are considered “adequate.” British Airways and Marriott have both confirmed their intent to appeal the fines.

United States Loosens Restrictions on Huawei: The United States will relax the blacklisting of Huawei to allow American companies to sell technology to Huawei in cases where there is no threat to U.S. national security, according to U.S. Commerce Secretary Wilbur Ross. This move is seen as an effort to revive trade talks with China and to prevent economic damage to  American companies in sectors where Huawei could easily buy from foreign competitors. White House economic adviser Larry Kudlow said that while American companies will be allowed to sell general merchandise to Huawei, U.S. government purchases of Huawei products and any transactions related to 5G will remain off-limits.    

Across the Atlantic, even as the UK government continues to debate the extent to which the Chinese company should be allowed to supply the next generation of telecom equipment, reports surfaced suggesting mobile service providers in the UK have already begun working with Huawei to supply “non-essential” parts of 5G networks.

Trade Tensions Drive Tech Companies Out of China: Several major U.S. tech companies are planning to shift substantial production out of China as a result of continued trade tensions, according to a report from Nikkei. HP and Dell may relocate up to 30 percent of their notebook production out of China while Microsoft, Alphabet, Amazon, Sony, and Nintendo are also considering shifting smart speaker, game console, and other component manufacturing out of China. Southeast Asia looks to be the big winner. Dell has started a “pilot run” of notebook production in Taiwan, Vietnam, and the Philippines, while Amazon is considering new sites in Vietnam, and Microsoft looking to Thailand and Indonesia.

U.S. Mayors Unite Against Paying Ransom to Hackers: U.S. mayors have come together with a resolution to refuse to pay cyber criminals to recover stolen data in cases of ransomware attacks. This move comes as U.S. cities are under increasing threat of ransomware attacks, such as an attack last month that targeted the city of Baltimore’s government system and one in Florida where hackers remotely encrypted email and other government servers. The measure aligns with recommendations from the FBI, which has warned that paying ransoms incentivizes hackers to continue attacks and can fund other crimes or more sophisticated hacking tools. Those who have paid the ransoms argue, however, that replacing equipment, restoring data, and being unable to operate for days, if not weeks, is often much more costly than paying the ransom. Baltimore's refusal to pay a roughly $75,000 ransom, for example, resulted in costs of approximately $18 million.