Sign up for our daily briefing

Make your busy days simpler with Axios AM/PM. Catch up on what's new and why it matters in just 5 minutes.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Catch up on coronavirus stories and special reports, curated by Mike Allen everyday

Catch up on coronavirus stories and special reports, curated by Mike Allen everyday

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Denver news in your inbox

Catch up on the most important stories affecting your hometown with Axios Denver

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Des Moines news in your inbox

Catch up on the most important stories affecting your hometown with Axios Des Moines

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Minneapolis-St. Paul news in your inbox

Catch up on the most important stories affecting your hometown with Axios Twin Cities

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Tampa Bay news in your inbox

Catch up on the most important stories affecting your hometown with Axios Tampa Bay

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Charlotte news in your inbox

Catch up on the most important stories affecting your hometown with Axios Charlotte

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Illustration: Lazaro Gamio / Axios

Europe's goal with its strict new privacy regulations is to give consumers more control over their personal information, but some security and privacy experts worry the rules could put the squeeze on some kinds of businesses.

Why it matters: The General Data Protection Regulation (GDPR) imposes strict penalties for improperly collecting or storing user's personal information. But the devil is in virtually every detail, from what actually constitutes personal information to how to define "collect" and "store" — and the resulting confusion could impact everything from criminal investigations to the blockchain industry.

What GDPR is trying to do: GDPR requires global businesses to receive explicit consent to store the personal data of any European citizen and provide a mechanism for users to delete any stored information. It also tightens security practices, including encouraging encryption.

  • In the worst case, the EU will fine businesses 4% of global revenue, or a minimum of €20 million.

Where the problems begin: Personal information can be anything from the obvious (names, addresses, credit card information) to some more obscure pieces of data (users' internet addresses). But the law didn't foresee many of the instances where the public interest might be served by technology that doesn't follow its privacy rules.

Blockchain is one.

  • Blockchain, the public ledger at the heart of Bitcoin that is now being used for a variety of other purposes, may not be compatible with GDPR.
  • Laura Jehl, who heads both the GDPR and blockchain practices at the law firm BakerHostetler, notes that entries on a blockchain are theoretically indelible, but the pseudonymous ID codes used in blockchain may count as personal information that users would have the right to delete.
  • Bitcoin itself is likely exempt from the rule, she said, as Bitcoin lacks a definitive person or company in charge. But other types of blockchains with more definitive ownership would qualify.
  • "It’s strange, because blockchain is another way to approach the same problem" that GDPR addresses, she said.

The WHOIS database is another.

  • The WHOIS database, the internet's long-running public record of who owns which domain, is facing a likely shutdown with GDPR's advent. Many security professionals believe this will devastate their ability to fight cyber crime.
  • “To give you a sense of the scale here, just at IBM alone using WHOIS data we identify 1.3 million malicious domains per month that we share with the security industry to block spam and break up cybercrime campaigns. Without WHOIS data, our analysis found it might take over 30 days to detect malicious domains via other methods," said Caleb Barlow, vice president of threat intelligence at IBM security, via email.

Smaller firms may not be ready: Large U.S. firms have kept their eye on GDPR for some time — 4% of revenue is a lot — but smaller firms are in for some rude surprises.

  • "Very large orgs aware of international presence are in pretty good shape," said April Doss, chair of the cybersecurity and privacy practice at Saul Ewing Arnstein & Lehr. "But midsize entities that think of themselves as primarily U.S. businesses are less prepared."

Prepare to lose EU members on skittish platforms: WarpPortal, makers of the game Ragnarok Online posted a note last week it would simply stop serving EU customers once GDPR kicked in. Other services are likely to follow.

Whispers U.S. firms will be in the crosshairs: U.S. based privacy personnel have a nagging suspicion that the first firms in regulator's crosshairs will be in the U.S., to put a head on a pike. "It's going to be Facebook, right?" asked one expert I spoke to.

Go deeper

Scoop: Gina Haspel almost resigned over plan to install Kash Patel as CIA deputy

Photo: Win McNamee/Getty Images

CIA Director Gina Haspel almost resigned in early December after President Trump cooked up a hasty plan to install loyalist Kash Patel, a former aide to Rep. Devin Nunes (R-Calif.), as her deputy, according to three senior administration officials with direct knowledge of the matter.

Why it matters: The revelations stunned national security officials and almost blew up the leadership of the world's most powerful spy agency.

Updated 2 hours ago - Politics & Policy

Coronavirus dashboard

Illustration: Sarah Grillo/Axios

  1. Health: Coronavirus deaths reach 4,000 per day as hospitals remain in crisis mode — CDC warns highly transmissible coronavirus variant could become dominant in U.S. in March.
  2. Politics: Biden says, "We will manage the hell out of" vaccine distribution — Biden taps ex-FDA chief to lead Operation Warp Speed amid rollout of COVID plan — Widow of GOP congressman-elect who died of COVID-19 will run to fill his seat.
  3. Vaccine: Battling Black mistrust of the vaccines"Pharmacy deserts" could become vaccine deserts — Instacart to give $25 to shoppers who get vaccine.
  4. Economy: Unemployment filings explode againFed chair: No interest rate hike coming any time soon —  Inflation rose more than expected in December.
  5. World: WHO team arrives in China to investigate pandemic origins.

NRA declares bankruptcy, says it will reincorporate in Texas

Wayne LaPierre of the National Rifle Association (NRA) speaks during CPAC in 2016. Photo: Saul Loeb/AFP via Getty Images

The National Rifle Association said Friday it has filed for Chapter 11 bankruptcy and will seek to reincorporate in Texas, calling New York, where it is currently registered, a "toxic political environment."

The big picture: The move comes just months after New York Attorney General Letitia James filed a lawsuit to dissolve the NRA, alleging the group committed fraud by diverting roughly $64 million in charitable donations over three years to support reckless spending by its executives.