Rep. Pramila Jayapal has called it the biggest threat to Medicare youve never even heard of. Its known as Direct Contracting (DC), a program concocted by the Trump administration and not yet ended by the Biden administration to fully privatize Medicare.

DC is patterned after Medicare Advantage, the publicly financed, privately owned, hugely profitable version of Medicare now enrolling 26 million people at an annual cost of $343 billion. Simply put, DC is Medicare Advantage (MA) on steroids.

The growth of Medicare Advantage is a 35-year-long saga of a program conceived as a cheaper, better Medicare transformed into a behemoth that has not saved one cent nor produced better outcomes. Yet MA has beaten back every attempt to make it accountable for its cost and care. Like the Hydra, each victory adds more heft.

The politics of MA are complicated, not merely because, like the oil and gas industry, it generates enough money for large insurance companies to convert $150 million of profits into campaign contributions. By design, Medicare Advantage covers the costs of health care that are not covered at all or only partially paid by Medicare. Its 26 million enrollees are a silent majority, potentially available to threaten any elected official brave enough to challenge the program. But that leaves the public with worse health coverage and a model of privatization that could prove disastrous.

Medicares sole purpose in 1965 was to extend health coverage to the elderly by paying their doctor and hospital bills. In a Faustian bargain, Congress sacrificed Medicares regulatory role in return for the support of the hospital-operated Blue Cross Association and physician-owned Blue Shield plans, which set payment policies. The only constraint, medical necessity, was defined as any treatment ordered by a licensed doctor.

The actuary to the House Ways and Means Committee had confidently predicted an initial $2.2 billion price tag, increasing over 25 years to $12.4 billion in 1990. Instead, the initial price doubled by 1969 and reached $12.4 billion in 1973, just four years later.

In 1970, pediatrician Paul Ellwood, the apostle of managed care, presented a solution to reduce health care spending that he dubbed a health maintenance organization (HMO). Elwood was no fan of Medicare, famously calling it a crappy insurance policy. He believed private, prepaid, integrated physician practices could be incentivized to provide better care at less cost. At the time, nonprofit HMOs like Kaiser and Group Health had an admirable record of lower cost and better outcomes than traditional fee-for-service health care.

Then-President Nixon shared Ellwoods enthusiasm, but with a different agenda. Heres a transcript of a taped conversation between Nixon and John Ehrlichman, his chief domestic-policy adviser.

Ehrlichman: Edgar Kaiser is running his Permanente deal for profit the reason he can do it I had Edgar Kaiser come in talk to me about this and I went into it in some depth. All the incentives are toward less medical care, because

President Nixon: [Unclear.]

Ehrlichman: the less care they give them, the more money they make.

President Nixon: Fine.

Nixon was later presented with a plan, which became the HMO Act of 1973, to reduce federal spending in a manner that promised to be undetectable to participants. The alternatives to HMOs as a cost-containment strategy were politically unpalatableeither reducing benefits or reimposing price controls. The HMO program promised no blowback from beneficiaries or providers, at a time when the administration was struggling to gain leverage over inflation. HMOs fell out of favor due to narrow provider networks and instances of denied care. But it led to a subtler alternative: Medicare Advantage.

Unlike the Defense Departments TRICARE and the Veterans Health Administration, Medicare is not a public health care system. It is public financing that relies on a joint public-private insurance arrangement. The rules are set by the Centers for Medicare & Medicaid Services (CMS) and Congress, and the claims processed by insurance companies under contract to the federal government. Money from the Medicare Trust Fund, taxes, and beneficiary premiums secure services from the private U.S. health care system.

Medicare Advantage changes one critical element: the intermediary between the money and the services. Medicare still pays, but with MA it turns over all parts of the insurance function, including enforcing the rules for medical necessity and deciding how much to pay providers, to private companies. Retirees can choose from 3,834 plans offered by nine different companies in 2022. Four in ten Medicare beneficiaries have joined. Humana and UnitedHealthcare own half the MA plans.

Traditional Medicare leaves lots of holes that retirees must otherwise fill out of their own pockets. It does not cover vision, hearing, dental, or long-term care. Beneficiaries are responsible for monthly premiums, deductibles, and coinsurance (known as cost-sharing). And unlike commercial insurance, it has no cap on out-of-pocket spending. The extra cost added up to $6,509 per person in 2018, according to an AARP-commissioned study.

Twenty-six million people find MA a deal they cannot refuse. They gave up their hard-earned red, white, and blue Medicare card for one supplied by Humana, UnitedHealth, Anthem, Aetna, Kaiser, or another company. Like HMOs, the plans offer less freedom of choice, with limited provider networks and prior-approval requirements in exchange for sharply reduced and capped out-of-pocket expenses, and additional benefits like gym memberships.

Most recent retirees do not find the restrictions new or particularly burdensome. Anyone previously insured through an employer health plan dealt with very similar constraints.

The MA profit-making formula is simple: get a large sum of money from the Feds, spend less than traditional Medicare, give some of the excess to beneficiaries, and pocket the difference. Over the last 12 years (20092021), Medicare paid the MA plans $140 billion more than would have been spent if the same people stayed in Medicare. Put another way, Medicare during these years would have saved enough to pay for the enhanced Child Tax Credit in 2022, and then some.

MA plans follow the design of commercial insurance, with the beneficiary choosing between either an HMO, with a closed provider panel, or a PPO, which rewards participants who stay in its provider network. Either way, the insurance company constructs reimbursements and utilization checks to spend less than traditional Medicare.

MA companies have perfected the art of denying claims by requiring preauthorization of many services, especially expensive ones. For example, doctors treating UAW retirees for orthopedic injuries, a frequent legacy of assembly line work, must get MA prior approval for 246 specific procedures, or else the plan does not guarantee payment. MA plans deny 4 percent of claims for prior authorization and 8 percent for post-service payment requests. Very few people appeal. When they do, the HHS Office of Inspector General found that denials were reversed more than three-quarters of the time.

Just to see how it would fall out, Aaron Schwartz and colleagues at the University of Pennsylvania reprocessed 6.5 million traditional Medicare Part B claims as if they were subject to MA prior authorization. Approximately one million might have been denied, accounting for 25 percent of Part B spending.

Our study found that health care spending for enrollees in Medicare Advantage plans is 10 to 25 percent lower than for comparable enrollees in traditional Medicare, said Amy Finkelstein, an MIT economist and one of the authors of an influential 2017 paper. Insurance companies earned gross margins of $2,256 per enrollee in 2020, more than double what they made in the group market.

Spending less would make perfect sense if MA enrollees were healthier. They are not. Medicare Advantage enrollees do not differ significantly from beneficiaries in traditional Medicare, the Commonwealth Fund reported in October, in terms of their age, race, income, chronic conditions, satisfaction with care, or access to care. Health outcomes are similarly no better or worse.

Over the past 30 years, laws were passed and regulations issued to contain costs and protect MA beneficiary access to care. Managed-care sponsors found ways around the rules.

Assuming HMOs to be more efficient, in 1985 the government set the payment rate at 95 percent of what would otherwise have been spent in Medicare. The plans needed to match traditional Medicare benefits but could make their own arrangements with hospitals, doctors, and labs, and keep the difference.

With the freedom to choose how much they paid out and where and whom they enrolled, the companies scammed the program by finding healthier retirees living in counties where rates were high. No plan operating in any U.S. county enrolled a sicker-than-average group of elderly people, according to a comprehensive Mathematica study commissioned by the Reagan administration. Despite this, expenditures for MA were approximately 5.7 percent higher than they would have been for traditional Medicare, despite getting 5 percent less from the feds.

The Clinton administration tried again to save money with HMOs. We think that payment rates that are 90 percent, rather than the current 95 percent, of community fee-for-service rates are appropriate, said Bruce Vladeck, Clintons head of the Health Care Financing Administration (HCFA). He wasnt able to go that far, but significant cutbacks were made in 1997s Balanced Budget Act (BBA).

The BBA established a national growth cap and, under threat of penalty, forced the HMOs to stop cherry-picking. Since health care costs were increasing faster than the cap, and the plans had less ability to exploit healthier enrollees, the BBA effectively cut HMO margins. But the howl from the private plans was so loud that Congress subsequently loosened the buckle in 1999 and 2000. Even with the changes, BBA managed care did not save Medicare money. Plans were still outpacing traditional Medicare costs by 2 percent.

George W. Bushs Medicare Modernization Act (MMA) removed the BBA caps and increased funding, adding millions to MA payments. The price tag for excess spending during the first decade of the 21st century was $150 billion.

We, right now, give $15 billion every year as subsidies to private insurers under the Medicare system. Doesnt work any better through the private insurers, Sen. Barack Obama said in 2008, during the first presidential debate with Sen. John McCain. They just skim off $15 billion. That was a giveaway and part of the reason is because lobbyists are able to shape how Medicare works. Candidate Obama pledged to make MA no more costly than traditional Medicare.

By tweaking some elements, the Affordable Care Act (ACA), according to the Congressional Budget Office, would reset MA spending to no more than 101 percent of traditional Medicare. The result was to be an estimated $136 billion saved over ten years.

Just two years later, the plans got it all back. The insurance industry chalked up one of its greatest political victories in recent memory on Monday, Politico reported on April 3, 2013, as the Obama administration reversed course on a proposal to cut Medicare Advantage rates. With a sleight of hand so obvious that CMSs actuary publicly repudiated the move (conflicts with the Offices professional judgment), CMS increased MA rates by 3.3 percent, rather than cutting them by 2.3 percent.

In March 2021, MedPAC, an independent Medicare monitor that reports to Congress, reviewed the impact of the ACA. It found that aggregate plan payments under the ACA were similar to [traditional Medicare] levels for only one year before rising above.

No one even mentions MA as a cost-containment strategy anymore. The larger and richer the plans have become, the less leverage the feds have to regulate the industry. While the funding still comes from the U.S. Treasury, dispersed under the aegis of Congress, most of the power has passed to the companies.

Insurance companies have consistently found innovative ways to protect their bottom lines. A major one involves claiming MA enrollees are sick, even if they arent.

Doctors and hospitals in MA networks are frequently offered extra payments simply to record every ailment, whether treating it or not (a practice known as risk coding). In an 8,000-word article in respected health policy journal Health Affairs, Drs. Don Berwick and Richard Gilfillan detail how upcoding affords almost unlimited opportunities to manipulate the system to make money. They present the hypothetical case of Ms. Jones, a 72-year-old MA enrollee being treated for type 2 diabetes and congestive heart failure. With a risk adjustment score of 1.029, the annual payment for her is $9,000. Her physicians are paid extra to code all her ailments. Now her scorecard adds morbid obesity, major depression, COPD, and a pressure ulcer on her right heel. With no additional medical care or cost, the MA company is now paid $32,000, because Ms. Joness risk score totals 3.633.

As a result of this upcoding, Medicare gave MA plans $9 billion more in 2019 than it would have if the same beneficiaries had enrolled in traditional Medicare.

Another way MA reaps more funds is through star bonus payments. CMS began publishing evaluations of MA plans in 2009 to assist beneficiaries in plan selection. Numerical values were assigned to variables measuring care processes, outcome, patient experience, and access. The numbers are summarized on a scale of five stars.

In the original star publication, 1 in 7 plans scored four or 4.5 stars, and none were awarded five. For the 2022 plan year, 7 out of 10 received four-plus stars and 16 percent of plans were given fives. Is there improved quality, or teaching to the test?

MA companies began paying more attention to the star variables after the ACA anointed the system as a quality control mechanism and authorized bonuses based on stars. Critically, bonus payments are not budget-neutral. The more plans that qualify, the more the feds spend. MedPAC estimates that bonus payouts added about $6 billion to the 2019 MA bill.

Do bonus payments result in better care? The answer is no. Under the headline The Medicare Advantage Quality Bonus Program Has Not Improved Plan Quality, University of Michigan researchers compared four million MA claims to the same number of commercial insurance claims. [T]hese results suggest that the quality bonus program did not produce the intended improvement in overall quality performance of MA plans.

A lot of the new capital is moving into setting up new Medicare Advantage plans because theyre growing rapidly, and the future is bright, Peter Orszag, CEO of Financial Advisory at investment firm Lazard and former Obama OMB administrator, told Business Insider. The possibility for payouts like the one for Ms. Jones has lured hedge funds and venture capitalists to invest in data mining companies and care aggregators, which are developing new ways to maximize MAs profitable deals. Berwick and Gilfillan found investors spent $50 billion to buy into MA-focused firms in a recent 18 months.

Direct contracting would privatize the remainder of traditional Medicare. Drawing on the MA experience, Direct Contracting Entities (DCEs) would serve as intermediaries between traditional Medicare beneficiaries and their medical-care providers. The DCE would receive an MA-like monthly payment for a specific population. It would make deals with networks of providers, manage beneficiary care and costs, and pay the bills, while keeping the difference. Medicares only role would be as banker.

In December 2021, CMS reiterated its invitation to organizations that currently operate in Medicare Advantage to become DCEs, targeting the very MA insurers and investor-controlled provider firms that are driving MA overpayments. One such firm, Oak Street, a for-profit organizer of MA providers, labeled MA as its core market and direct contracting as its opportunity in a November 2021 corporate presentation.

While the Biden administration put a halt to the most extreme form of direct contracting, it has moved ahead with two others. Fifty-three bidders have been designated in the first class of DCEs. They include 28 investor-controlled plans including Oak Street, six insurers, and 19 health care providerowned companies. The investor and insurer DCEs will be operating in 38 states and have access to 84 percent of all beneficiaries.

Many on Wall Street are licking their chops. Clover, a 50,000-member, San Franciscobased MA plan, expects to harvest a direct-contracting bonanza large enough to justify its $1.2 billion IPO. HHS senior official Liz Fowler (an architect of the Affordable Care Act) projects the transition of all traditional Medicare to DC to be complete by 2030.

According to the Biden administration, Direct Contracting will facilitate the next evolution of risk-sharing arrangements to produce value and high-quality health care. Berwick and Gilfillan believe that the Direct Contracting model seems to have ignored the lessons learned from the experience of MA.

One of the principal lessons learned by private MA is how managing care is so easily morphed into managing costs, and how much excess revenue that produces. The private Medicare companies have succeeded in getting the feds to turn over more and more to them while obliterating the notion that HMOs would save money or improve care. Their power to extend their reach to all $880 billion in Medicare spending is embedded in the program itself. The more money and beneficiaries they control, the more juice they have to control more.

Last fall, 13 U.S. senators (eight Democrats and five Republicans) sent a letter promising to stand ready to protect MA from payments cuts. The letter was part of a long stream of such letters ritualistically issued by lawmakers at the urging of the industry, every time anyone announces consideration of MA cost control. This latest version of the pledge was precipitated by a draft of the Build Back Better Act that would include hearing, vision, and dental benefits in the regular Medicare menu for the first time, threatening one of the main selling points of MA.

The campaign against the new benefits was intense and a little weird. AHIP, the insurance industry lobbying group, stated that adding these services could negatively affect the benefits available to MA recipients, because it might lead to a cut in the payments made to MA plans. AHIPs press release stated it would be bad for all seniors, even though all seniors are not in MA plans. Politico quoted an industry insider describing a recent $2.6 million ad campaign against the new Medicare benefits. We know members are already telling leadership: We cant take attack ads saying were cutting Medicare. They know the public isnt going to distinguish between the private and public pieces of it.

What the senators and lobbyists understand is that MA depends on the threat of an uprising of unhappy seniors. Its a potent terror. Some electeds are swayed by campaign contributions. But these would matter very little without the potential mobilization of 64 million beneficiaries, their concerned children, and grandchildren.

The experts have proposed sophisticated technical fixes to remedy MAs overpayments. It might work, as the Balanced Budget Act and the ACA did, for a while. The Department of Justice has filed cases against such large MA providers as Kaiser, United, and Anthem for submitting false risk adjustment claims. The Justice Department has even opened an inquiry into Oak Streets practices.

But neither more regulation nor billion-dollar fines will suffice. The history of the MA dance shows that by the time the music ends, the private partner has swept the public one off her feet. Hes taken control over every step.

To put a stop to MAs distortions and its systematic theft would require a campaign to make Medicare a more public health insurer. From the start, it ceded significant financial authority to private hospitals, doctors, pharmaceutical, and insurance companies. The more beneficiaries and money handed over to MA, the greater its power to resist. The ascendency of DC is the latest and most serious warning sign that the private profit-maximizers are close to victory. Nothing short of full public control can keep that from happening.

Protection of public Medicare requires that its beneficiaries be offered a better way to get affordable health care. I feel guilty that my enrollment in a UnitedHealthcare MA plan contributes to that companys money and power. Yet I am on MA because without it, Medicare is a very risky proposition. I could be impoverished trying to pay for my health care. MA is the only plan I can afford.

History shows that the federal governments attempt to harness the perceived benefits of managed care to Medicare by attempting to separate for-profit entities from profit-maximizing behavior has failed. Instead of throwing more money at MA to reform it, trying to cut MA payments, or regulating, perhaps the solution is starving the beast. With reduced cost-sharing and service expansion, people would have less incentive to enroll in MA. The fewer beneficiaries, the less money paid out, the less power.

A campaign to improve Medicare might be the only political avenue open to those who want to save it.

View post:

The Dark History of Medicare Privatization - The American Prospect

Mentions of digitalisation within the filings of companies in the mining industry fell 25% between the second and third quarters of 2021.

In total, the frequency of sentences related to digitalisation between October 2020 and September 2021 was 480% higher than in 2016 when GlobalData, from whom our data for this article is taken, first began to track the key issues referred to in company filings.

When companies in the mining industry publish annual and quarterly reports, ESG reports, and other filings, GlobalData analyses the text and identifies individual sentences that relate to disruptive forces facing companies in the coming years. Digitalisation is one of these topics companies that excel and invest in these areas are thought to be better prepared for the future business landscape and better equipped to survive unforeseen challenges.

To assess whether digitalization is featuring more in the summaries and strategies of companies in the mining industry, two measures were calculated. Firstly, we looked at the percentage of companies which have mentioned digitalization at least once in filings during the past twelve months this was 63% compared to 31% in 2016. Secondly, we calculated the percentage of total analysed sentences that referred to digitalisation.

Of the 50 biggest employers in the mining industry, Metalurgica Gerdau SA was the company which referred to digitalisation the most between October 2020 and September 2021. GlobalData identified 33 digitalisation-related sentences in the Brazil-based company's filings 3.2% of all sentences. Tata Steel Ltd mentioned digitalisation the second most the issue was referred to in 1.2% of sentences in the company's filings. Other top employers with high digitalisation mentions included MMC Norilsk Nickel, Severstal, and Sandvik AB.

Across all companies in the mining industry, the filing published in the third quarter of 2021 that exhibited the greatest focus on digitalisation came from Metalurgica Gerdau SA. Of the document's 1,030 sentences, 33 (3.2%) referred to digitalisation.

This analysis provides an approximate indication of which companies are focusing on digitalisation and how important the issue is considered within the mining industry, but it also has limitations and should be interpreted carefully. For example, a company mentioning digitalisation more regularly is not necessarily proof that they are utilising new techniques or prioritising the issue, nor does it indicate whether the company's ventures into digitalisation have been successes or failures.

In the last quarter, companies in the mining industry based in Eastern Europe were most likely to mention digitalization with 0.58% of sentences in company filings referring to the issue. In contrast, companies with their headquarters in the US mentioned digitalisation in just 0.07% of sentences.

Flexible Containers for Lubricants, Greases and Liquids

Link:

Filings buzz in the mining industry: 25% decrease in digitalisation mentions in Q3 of 2021 - Mining Technology

A decision by Austrias data protection watchdog upholding a complaint against a website related to its use of Google Analytics does not bode well for use of US cloud services in Europe.

The decision raises a big red flag over routine use of tools that require transferring Europeans personal data to the US for processing with the watchdog finding that IP address and identifiers in cookie data are the personal data of site visitors, meaning these transfers fall under the purview of EU data protection law.

In this specific case, an IP address anonymization function had not been properly implemented on the website. But, regardless of that technical wrinkle, the regulator found IP address data to be personal data given the potential for it to be combined like a puzzle piece with other digital data to identify a visitor.

Consequently the Austrian DPA found that the website in question a health focused site called netdoktor.at, which had been exporting visitors data to the US as a result of implementing Google Analytics had violated Chapter V of the EUs General Data Protection Regulation (GDPR), which deals with data transfers out of the bloc.

US intelligence services use certain online identifiers (such as the IP address or unique identification numbers) as a starting point for the surveillance of individuals, the regulator notes in the decision [via a machine translation of the German language text], adding: In particular, it cannot be excluded that these intelligence services have already collected information with the help of which the data transmitted here can be traced back to the person of the complainant.

In reaching its conclusion, the regulator assessed various measures Google said it had implemented to protect the data in the US such as encryption at rest in its data centers; or its claim that the data must be considered as pseudonymous but did not find sufficient safeguards had been put in place to effectively block US intelligence services from accessing the data, as required to meet the GDPRs standard.

As long as the second respondent himself [i.e. Google] has the possibility to access data in plain text, the technical measures invoked cannot be considered effective in the sense of the above considerations, it notes at one point, dismissing the type of encryption used as inadequate protection.

Austrias regulator also quotes earlier guidance from German DPAs to back up its dismissal of Googles pseudonymous claim noting that this states:

the use of IP addresses, cookie IDs, advertising IDs, unique user IDs or other identifiers to (re)identify users do not constitute appropriate safeguards to comply with data protection principles or to safeguard the rights of data subjects. This is because, unlike in cases where data is pseudonymised in order to disguise or delete the identifying data so that the data subjects can no longer be addressed, IDs or identifiers are used to make the individuals distinguishable and addressable. Consequently, there is no protective effect. They are therefore not pseudonymisations within the meaning of Recital 28, which reduce the risks for the data subjects and assist data controllers and processors in complying with their data protection obligations.

The DPAs wholesale dismissal of any legally relevant impact of the bundle of aforementioned Technical and Organizational Measures (such as standard encryption) which were cited by Google to try to fend off the complaint is significant because such claims are the prevailing tactic used by US-based cloud giants to try to massage compliance and ensure EU-to-US data transfers continue so they can continue business as usual.

So if this tactic is getting called out here, as a result of a single websites use of Google Analytics, it can and will be sanctioned by EU regulators elsewhere. After all, Google Analytics is everywhere online.

(See also the extensive list of extremely standard measures cited by Facebook in an internal assessment of its EU-to-US data transfers in which it too tries to claim compliance with EU law, per an earlier document reveal.)

The complaint back story here is that back in August 2020 European privacy campaign group noyb filed a full 101 complaints with DPAs across the bloc targeting websites with regional operators that it had identified as sending data to the US via Google Analytics and/or Facebook Connect integrations.

Use of such analytics tools may seem intensely normal but legally speaking, in the EU its anything but because EU-to-US transfers of personal data have been clouded in legal uncertainty for years.

The underlying conflict boils down to a clash between European privacy rights and US surveillance law as the latter affords foreigners zero rights over how their data is scooped up and snooped on, nor any route to legal redress for whatever happens to their information when its in the US, making it extremely difficult for exported EU data to get the necessary standard of essentially equivalent protection that it gets at home when its abroad.

To radically simplify: EU law says European levels of protection must travel with data. While US law says were taking your data; were not telling you what were doing; and you cant do anything about it anyway, sucker!.

US cloud providers that are subject to Section 702 of the Foreign Intelligence Surveillance Act (FISA) are all in the frame which takes in a broad sweep of tech giants, including Google and Facebook, since this law applies broadly to electronic communications services.

While Executive Order 12,333, a Reagan era mandate thats also relevant as it also expanded intelligence agency powers to acquire data, is thought to target vulnerabilities in telecoms infrastructure.

The EU-US legal clash between privacy and surveillance dates back almost a decade at this point.

It was catalyized by the 2013 Snowden disclosures which revealed the extent of US government mass surveillance programs and led, back in 2015, to the EUs Court of Justice to invalidate the Safe Harbor arrangement between the bloc and the US on the grounds that EU data could no longer be considered safe when it went over the pond.

And whereas Safe Harbor had stood for around 15 years, its hastily agreed replacement the EU-US Privacy Shield lasted just four. So the lifespan of commercially minded European Commission decisions seeking to grease transatlantic data flows in spite of the massive privacy risks has been shrinking radically.

Some complaints about risky EU-to-US data transfers also date back almost a decade at this point. But theres fresh enforcement energy in the air since a landmark ruling by the CJEUin July 2020 which struck down the Commissions reupped data transfer arrangement (Privacy Shield), which since 2016 had been relied upon by thousands of companies to rubberstamp their US transfers.

The court did not outlaw personal data transfers to so-called third countries entirely. Which is why these data flows didnt cease overnight smack bang in the middle of 2020.

However it clarified that such data flows must be assessed on a case by case basis for risks. And itmade it clear that DPAs could not just turn a blind eye to compliance hi Ireland! rather they must proactively step in and suspend transfers in cases where they believe data is flowing to a risky location like the US.

In a much watched for follow-on interpretation of the court ruling, the European Data Protection Boards (EDPB) guidance confirmed that personal data transfers out of the EU may still be possible if a set of narrow circumstances and/or conditions apply. Such as the data can be genuinely anonymized so that it is truly no longer personal data.

Or if you can apply a suite of supplementary measures (such as technical stuff like applying robust end-to-end encryption meaning theres zero access to decrypted data possible by a US entity) in order to raise the level of legal protection.

The problem for adtech firms like Google and Facebook is that their business models are all about accessing peoples data. So its not clear how such data-mining giants could apply supplementary measures that radically limit their own access to this core business data without a radical change of model. Or, well, federating their services and localizing European data and processing in the EU.

The Austrian DPA decision makes it clear that Googles current package of measures, related to how it operates Google Analytics, is not adequate because it does not remove the risk of surveillance agencies accessing peoples data.

The decision puts heavy underscoring on the need for any such supplementary measures to actually enhance standard provisions if theyre to do anything at all for your chances of compliance.

Supplementary of course means extra. tl;dr you cant pass off totally standard security processes, procedures, policies, protocols and measures as some kind of special Schrems II-busting legal magic, no matter how much you might want to.

(A quick comparable scenario that might hammer home the point: One cant legally speaking hold a party during a pandemic if lockdown rules ban social gatherings simply by branding a bring your own bottle garden soire as a work event. Not even if youre the prime minister of the UK. At least not if you want to remain in post for long, anyway )

Its fair to say that the the tech industry response to the Schrems II ruling has been a massive, collective putting of heads into sand. Or, as the eponymous Max Schrems himself, honorary chair of noyb, puts it in a statement: Instead of adapting services to be GDPR compliant, US companies have tried to simply add some text to their privacy policies and ignore the Court of Justice. Many EU companies have followed the lead instead of switching to legal options.

This charade has been possible because to date there hasnt been much regulatory renforcement following the July 2020 ruling.

Despite the European Data Protection Board warning immediately that there would be no grace period for coming into compliance.

To the untrained eye that might suggest the industrys collective strategy of ignoring the legal nightmare wrapping EU-to-US transfers in the hopes the problem would just go away has been working.

But, as the Austria decision indicates, regulatory gears are grinding towards a bunch of rude awakenings.

The European Commission which remains eager for a replacement to the EU-US Privacy Shield has also warned there will be no quick fix this time around, suggesting major reforms of US surveillance law are required to bridge the legal divide. (Although negotiations between the Commission and the US on a replacement data transfer agreement are continuing.)

In the meanwhile Schrems II enforcements are starting to flow and orders to cease US data flows may soon follow.

In another sign of enforcement ramping up, the European Data Protection Supervisor (EDPS) just this week upheld a complaint against the European Parliament over US data transfers involving use of Google Analytics and Stripe.

The EDPS decision reprimands the parliament and also orders it to fix outstanding issues within one month.

The other 101 complaints noyb filed back in 2020 are also still awaiting decisions. And as Schrems notes EU DPAs have been coordinating their response to the data transfer issue. So theres likely to be a pipeline of enforcements striking at usage of US cloud services in the coming months. And, well, a lot of sand falling out of eyes.

Heres Schrems on the Austria DPAs reasoning again: This is a very detailed and sound decision. The bottom line is: Companies cant use US cloud services in Europe anymore. It has now been 1.5 years since the Court of Justice confirmed this a second time, so it is more than time that the law is also enforced.

We expect similar decisions to now drop gradually in most EU member states, he adds, further noting that Member State authorities have been coordinating their response to the flotilla of complaints (the EDPB announced a taskforce on the issue last fall).

In the long run we either need proper protections in the US, or we will end up with separate products for the US and the EU, Schrems also said, adding: I would personally prefer better protections in the US, but this is up to the US legislator not to anyone in Europe.

While netdoktor has been found to have violated the GDPR, its not clear whether it will face a penalty as yet.

It may also seek to appeal the Austrian DPAs decision.

The company has since moved its HQ to Germany, which complicates the regulatory jurisdiction component of this process and means it may face additional enforcement, such as an order banning transfers, in a follow on action by a German regulator.

There is another notable element of the decision that has gone Googles way for now.

While the regulator upheld the complaint against netdoktor it did not find against Googles US business for receiving/processing the data deciding that the rules on data transfers only apply to EU entities and not to the US recipients.

That bit of the decision is a disappointment to noyb which is considering whether to appeal with Schrems arguing: It is crucial that the US providers cannot just shift the problem to EU customers.

noyb further flags that Google may still face some pending sanction, however, as the Austria DPA has said it will investigate further in relation to potential violations of Article 5, 28 and 29 GDPR (related to whether Google is allowed to provide personal data to the US government without an explicit order by the EU data exporter).

The DPA has said it will issue a separate decision on that. So Google may yet be on the hook for a GDPR breach in Austria.

Penalties under the regulation can scale as high as 4% of a companys annual global turnover. Although orders to ban data transfers may ultimately prove a lot more costly to certain types of data-mining business models.

To wit: Long time EU privacy watchers will be aware that Facebooks European business is on penalty time in Ireland over this same EU-US transfers issue. A preliminary order that Facebook suspend transfers was issued by Ireland in fall 2020 triggering legal action from the social media giant to try to block the order.

Facebooks court challenge failed but a final decision remains pending from the Irish regulator which promised noyb a swift resolution of the vintage complaint a full year ago. So the clock really is ticking on that data transfer complaint. And someone should phone Metas chief spin doctor, Nick Clegg, to ask if hes ready to pull the plug on Facebooks European service yet?

Follow this link:

In bad news for US cloud services, Austrian websites use of Google Analytics found to breach GDPR - TechCrunch

Greater Texas | Aggieland Credit Union has partnered with Insuritas to offer insurance brokerage services to its more than 60,000 members.

EAST WINDSOR, CONNECTICUT, USA, January 18, 2022 /EINPresswire.com/ -- Aggieland Insurance Solutions, a wholly-owned subsidiary of Greater Texas Credit Union, offers personal, ancillary, and commercial insurance products following Greater Texas convenient, digital-first member services model. Greater Texas | Aggieland Credit Union, partnered with Insuritas to offer insurance brokerage services to more than 60,000 members.

As part of our strategic planning process, we assessed the services available to our members. After careful analysis, we determined that with Insuritas, we can provide our members with new options to help them work toward their financial goals and manage their risks, said Greater Texas Vice President of Financial Solutions Joe James. Affordability, convenience, and quality of insurance offerings are some of the benefits the agency will provide our members.

The Greater Texas | Aggieland Insurance Solutions will include more than 40 carrier partners with products such as home, renters, auto, pet, identity theft, and travel, among many others.

Were delighted to announce our relationship with Greater Texas Credit Union and are proud to have earned the opportunity to build, launch, and manage a full-service, digitally-powered insurance agency for their members, said Insuritas Chairman and CEO Jeffrey Chesky. Through our relationship, the credit union will now be able to provide simple, seamless access to competitive options for their members insurance needs, all with a focus on delivering the right coverages at the right price at the right time.

About Greater Texas | Aggieland Credit UnionGreater Texas Credit Union, founded in 1952, is a financial cooperative that provides an array of personal financial products and services. Together with its subsidiary, Aggieland Credit Union which serves the Brazos Valley it offers a wide variety of consumer-oriented banking services to its 77,000 members across the state of Texas. Greater Texas has locations in Austin, Houston, San Antonio, Bryan-College Station, Edinburg, and the DFW market with assets of nearly $1 billion. For more information, visit http://www.gtfcu.org.

About InsuritasThe Insuritas mission is to connect people to the insurance products they need through a seamless, transparent shopping experience where carriers compete to provide them with the right coverage at the right price. The Insuritas meta-agency platform, deployed across a network of partners serving over 10M customers nationally, empowers financial institutions to leverage proprietary data-mining techniques and integrations with a broad array of insurance carriers to make highly personalized, digitally optimized insurance offers to their depositors, all within their brand. These strategies help further their commitment to the financial well-being of their customers while driving a critical source of non-interest income for their institution. For more information, visit http://www.insuritas.com.

Jeffrey CheskyInsuritas+1 860-653-1134[emailprotected]

Follow this link:

Greater Texas | Aggieland Credit Union Launches Insurance Agency Through Partnership with Insuritas - Insurance News Net