Take one Safe Harbour regulation, shred it, reheat it and what do you have?

Privacy Shield

The EU and US have agreed a new pact to replace the data transfer mechanism called Safe Harbour that was declared invalid late last year. It is hoped that the new pact, called Privacy Shield, will make it easy for organisations to transfer data across the Atlantic, countering the threat that tech firms of all sizes have been facing which would have made it impossible to send personal information for processing in US data centres.

[easy-tweet tweet=”The EU/US #PrivacyShield announcement analysed by @APJ12 of @GTTCOMM” user=”comparethecloud”]

Question: How many lawyers does it take to overturn a 15 year EU-US privacy arrangement?

Answer: None.

Max Schrems wasn’t a qualified lawyer. He was just a student from Austria studying law during a semester abroad at Santa Clara University in Silicon Valley when he started a campaign against Facebook for privacy violations, including its violations of European privacy laws and alleged transfer of personal data to the US National Security Agency (NSA) that eventually lead to the downfall of the whole EU-US data transfer mechanism called Safe Harbour.

Ever since Safe Harbour was overturned, businesses have been seeking a quick and clear resolution. They have been encouraging the European Commission and US administration to move quickly to agree and implement a new arrangement that would allow trans-Atlantic data flows to resume on a secure and stable legal footing.

[easy-tweet tweet=”Ever since #SafeHarbour was overturned, businesses have been seeking a quick and clear resolution”]

International data transfers not only enable global trade, but are also central to many companies’ ability to collaborate and operate both internally and with the partners and clients that they serve.

The delay in negotiating a replacement for the previous, but now defunct, EU-US data transfer mechanism has left firms in limbo without a safe legal footing for such data transfers which are seen as critical to the global digital economy.

The new agreement is called the EU-US Privacy Shield and it includes the following provisions:

  • A US ombudsman will be created to handle complaints from EU citizens relating to any allegations of Americans spying on their data.
  • A written commitment protecting Europeans’ personal data from mass surveillance will be provided by the US Office of the Director of National Intelligence.
  • An annual review conducted by the EU and US will ensure the new system is working properly

A written commitment protecting Europeans’ personal data from mass surveillance will be provided by the US Office of the Director of National Intelligence

A host of bodies including the European data privacy watchdogs, their US counterpart and the Federal Trade Commission will monitor arrangements and flag up any problems.

Companies that are found to abuse or fail to comply with privacy safeguards could be prevented from making use of the trans-Atlantic data transfer arrangements.

So that’s easy then – it’s all sorted. As ever things aren’t quite as simple as this. A few significant hurdles remain:

  • Approval – national watchdogs across the EU are now exempting the provisions outlined in the pact and all 28 EU nations then need to approve the arrangements.
  • Opposition – many privacy campaigners remain adamantly opposed to any pact that might allow trans-Atlantic data flows to continue and some have vowed to do all that they can to combat the EU-US Privacy Shield.
  • Implementation – firms will then need clarity on what is expected from them in order to comply with the new privacy safeguards so that any changes to their systems and processes can be implemented effectively.

So while the clarity and certainty in international data privacy regulation that businesses are crying out for is not quite here yet, we do at least have an indication of the likely provisions. There has already been significant progress towards finding a replacement data transfer mechanism for Safe Harbour and we now need to complete the approval process and make it work.

+ posts

Meet Stella


Related articles

“The need for speed” – Finding a way to unlock agility for today’s businesses 

To fully support agility, the solutions chosen will need to enshrine all the latest innovations in areas like artificial intelligence, machine learning or prescriptive analytics.

Preventing data sovereignty from confusing your data strategy

The reason why sovereignty is so important, is that it enables organisations to be innovative with their data and deliver new digital services. Historically, there has been a distinct lack of trust in the cloud, leading to a lack of innovation.

Edge and cloud joining forces

For a decade-and-a-half now, centralised cloud computing has been considered the standard IT delivery platform and little is set to change on that front.

Cybersecurity stress: how to safeguard your organisation and avoid IT burnout 

For organisations to improve their security, they must seek visibility of all the components that go into the software they use.

Improving industrial cyber defences in the cloud

t's an exciting period of change for the industry, as new technologies are woven into operations to streamline services and enhance the customer experience.


Comments are closed.

Subscribe to our Newsletter