The Electronic Privacy Information Center filed an “expedited FOIA request to obtain a secret agreement between U.S. and EU law enforcement agencies concerning the transfer of personal data,” said a post on EPIC’s website Thursday. “‘There is an urgency to inform the public’ about the contents of the agreement.” The Department of Homeland Security has 10 days to respond to EPIC’s Freedom of Information Act request for information on the umbrella agreement, it said.

Dropbox joined the Internet Association, IA said in a news release Thursday. “We’re proud to join the Internet Association and look forward to supporting public policy outcomes that advance the interests of people who use Dropbox," said Amber Cottle, head of Dropbox global public policy and government affairs.

California Gov. Jerry Brown (D) vetoed a drone bill Wednesday that would have allowed trespassing charges to be filed against an individual flying drones less than 350 feet above real property without the express permission of the property owner, regardless whether anyone’s privacy was violated. In his veto message to the Senate, Brown said drone technology raises “novel issues that merit careful examination” but said he vetoed SB-142 because, “while well-intentioned,” it “could expose the occasional hobbyist and the FAA-approved commercial user alike to burdensome litigation and new causes of action.” Brown asked the state Senate to look at this issue more carefully. Brown signed a bill proposed by Sen. Anthony Cannella (R), SB-676, that enables easier prosecution of those who engage in cyber exploitation and revenge porn. Meanwhile, California’s Electronic Communications Privacy Act (SB-178) passed the Senate 32-4 Wednesday.

Microsoft released 12 updates to address vulnerabilities in Microsoft Windows that may allow an attacker to take control of an affected system, said a U.S. Computer Emergency Readiness Team alert Tuesday.

The Center for Democracy & Technology, Electronic Frontier Foundation, New America’s Open Technology Institute and the World Privacy Forum filed an amicus brief in Spokeo v. Robins Tuesday. They asked the court to “preserve the ability of individuals to file private claims for privacy violations as granted by federal laws,” a CDT news release said. In the case, Thomas Robins filed a claim against data broker Spokeo under the Fair Credit Reporting Act, citing inaccuracies in the report. The 9th U.S. Circuit Court of Appeals ruled Robins had the legal standing to sue, but Spokeo appealed to the Supreme Court in 2014. “Limiting the ability of individuals to file claims would be a step in the wrong direction,” said CDT Policy Counsel G.S. Hans, because spreading inaccurate information is pervasive and potentially catastrophic for individuals because the information can be used in credit reports that affect loans, housing and employment decisions, the release said. “In the digital age, the Fair Credit Reporting Act's private right of action plays a central role in promoting accuracy and limiting unfair decisions, just as it did when it was first enacted forty-five years ago,” Hans said. “A broad ruling in this case could prevent claims under a host of other federal privacy laws that remain relevant in the modern era, going well beyond the Fair Credit Reporting Act.”

Adobe released a security update to address vulnerabilities in Shockwave Player that may have allowed a remote attacker to take control of an affected system, said a U.S. Computer Emergency Readiness Team alert Tuesday.

“Tech companies may be our best hope for resisting government surveillance,” wrote University of Washington law school assistant professor Ryan Calo, who specializes in cyber law and privacy, in an opinion column for Fusion Monday. Apple's and Google’s decisions to make government surveillance harder reflect public opinion, said Calo, who's also an affiliate scholar at the Stanford Law School Center for Internet and Society and Yale Law School Information Society Project. By making end-to-end encryption available on Google's and Yahoo’s email platforms, privacy is becoming accessible to everyone -- not just tech-savvy users, Calo said. “Our data custodians designing against mass surveillance is the most promising development that we’ve seen,” he said. The public can vote for privacy-friendly legislators and challenge surveillance practices in court, but tech companies “may be our best chance out of this surveillance mess,” Calo said.

The FTC’s first Start with Security Conference, directed toward startups and developers, will begin at 10 a.m. PDT Wednesday in San Francisco, and will be webcast, an FTC news release said Tuesday. FTC Chairwoman Edith Ramirez and FTC Western Region Regional Director Tom Dahdouh will open the event, followed by panels on how startups can build a culture of security; how to test and review security applications using automated technology; how to respond to hackers; and how to implement security features like sitewide Secure Sockets Layer, Content Security Policy and multifactor authentication, said the event schedule. FTC Chief Technologist Ashkan Soltani will moderate a "fireside chat" with Accel Partner Arun Mathew on investing in security.

People globally entrust the privacies of life to California companies, so Californians should lead in protecting privacy and pass the California Electronic Communications Privacy Act (Cal-ECPA), wrote University of California-Davis Law School professor Anupam Chander in an opinion on the People's Vanguard of Davis website Sunday. Cal-ECPA was discussed on the floor of the California State Assembly Tuesday, ahead of the Interim Study Recess beginning after the assembly is adjourned on Friday, and has received bipartisan support, he said. Last week, the California state associations of police chiefs, state sheriffs, and district attorneys withdrew their earlier opposition to the bill, he said. Cal-ECPA would require state law enforcement “to get a warrant before they can access electronic information about who we are, where we go, who we know, and what we do,” but since it would apply only to California state officials, federal reform is still needed, he said. Meanwhile, University of Maryland law professor Danielle Citron tweeted Tuesday that Cal-ECPA is a “well-crafted bill that balances the need to protect against online predatory behavior and safeguarding privacy.”

EU and U.S. officials reportedly reached agreement on trans-Atlantic data transfers Tuesday after four years of negotiations, a Computer & Communications Industry Association news release said. The agreement on how data can be shared for law enforcement purposes will “not take effect until approved by the European Parliament, which is waiting for the U.S. to pass the Judicial Redress Act,” the release said. Congress now must take the next step toward restoring trust in trans-Atlantic data transfers and pass the Judicial Redress Act, said CCIA Privacy Counsel Bijan Madhani. CCIA Europe Director Christian Borggreen also urged Congress to pass the legislation, saying the long-awaited agreement is “welcomed news” that will “help restore transatlantic trust.”