EU-US Privacy Shield replaces Safe Harbour: Changing attitudes towards data privacy

The rise of digital technologies has enabled businesses and the data that they hold to be more mobile than ever before. However, multi-national agreements are often required in order to guarantee the security of this data. The most high-profile of these, the Safe Harbour agreement, was created by the EU and US between 1998 and 2000 in an attempt to protect citizens’ data on both sides of the Atlantic.

Back in October last year, however, the European Commission declared the Safe Harbour agreement to be invalid following a complaint by Austrian citizen Maximilian Schrems. The initial reaction to the abolition of the Safe Harbour agreement was one of uncertainty and confusion. Organisations rushed to amend their user agreements and many considered relocating customer data where possible. The lack of clarity over when the agreement would be replaced only added to the sense of businesses left in limbo.

This finally came to an end this week when the European Commission announced that it had agreed a new framework for transatlantic data flows: the EU-US Privacy Shield. European Commission vice president Andrus Ansip has stressed that the new framework will protect the fundamental rights of Europeans.

“We have agreed on a new strong framework on data flows with the US,” he said. “Our people can be sure that their personal data is fully protected. Our businesses, especially the smallest ones, have the legal certainty they need to develop their activities across the Atlantic. We have a duty to check and we will closely monitor the new arrangement to make sure it keeps delivering. Today’s decision helps us build a Digital Single Market in the EU, a trusted and dynamic online environment; it further strengthens our close partnership with the US. We will work now to put it in place as soon as possible.”

The EU-US Privacy Shield includes three key elements for protecting personal data belonging to EU citizens:

Firstly, US companies will now be subject to stringent obligations from both the US Federal Trade Commission and European DPAs when importing data from EU citizens.

Secondly, there must be transparency regarding US government requests to access data, and mass surveillance will no longer be carried out.

And finally, EU citizens will have more opportunities to make formal complaints if they feel their personal data has been misused.

Whether or not the EU-US Privacy Shield will completely appease privacy advocates, however, remains to be seen. Although the framework has now been agreed, it will be difficult for businesses and individuals to understand how it differs from Safe Harbour in practice until more details are revealed. Neil Laver, Sales Director at Veber, welcomes the EU’s decision, but stresses that it doesn’t mean data privacy is guaranteed.

“It’s good to see the progress being made by the US and the EU commission,” he said. “However, we really need to see the small print, due later this month, to be fully confident about the agreement. Even then, if companies really want to ensure that their data is safely within the UK or the EU then they need to choose cloud providers and hosting companies, like Veber, who can guarantee this.”

For businesses, the new agreement assures them that they can continue serving their customers in both the US and the EU, but organisations may find that 2016 has a huge impact on the way that they handle data, particularly with the General Data Protection Regulation (GDPR) due for adoption in the coming months. Dave Packer, vice president of product management at Druva, believes that the combination of GDPR and the EU-US Privacy Shield will be important but shouldn’t be allowed to overshadow basic security protocols.

“Taken together, there have been a lot of changes for businesses dealing with EU customers to consider,” he said. “Druva believes the best approach for the moment is to concentrate on applying data security best practices – so encryption, firewalls and anti-virus technologies and the like – but also make sure that there is a more proactive approach in place towards managing data as it is created regardless of location, rather than centrally after the fact.”

Many would say that the new agreement is simply representative of changing attitudes towards privacy. The Snowden revelations regarding government surveillance, which ultimately led to the disintegration of Safe Harbour, have meant that public and organisational awareness of data protection is at an all-time high. The EU-US Privacy Shield simply puts into writing what businesses have known for some time now – that data privacy can no longer be taken for granted.
