Formed in 2000 by the United States and the European Union, The International Safe Harbour Privacy Principles Agreement regulated the way that US companies could export and handle the personal data of EU citizens. This agreement was to establish a single set of data protection requirements for transferring data across the borders for all countries within Safe Harbour.
October 2, 2015 the ECJ made the decision to “eliminate” the said agreement and decree it no longer valid. Their ruling was that each of the 28 countries within the EU should determine how their citizen’s online data can be collected and used. The ECJ set a date of January 31, 2016, for an amendment to be made. After missing the deadline, US and European Commission officials met on February 2, and struck up an interim agreement, Privacy Shield.
The European Commission states: “The EU-US Privacy Shield reflects the requirements set out by the European Court of Justice in its ruling on 6 October 2015, which declared the old Safe Harbour framework invalid. The new arrangement will provide stronger obligations on companies in the U.S. to protect the personal data of Europeans and stronger monitoring and enforcement by the U.S. Department of Commerce and Federal Trade Commission (FTC), including through increased cooperation with European Data Protection Authorities. The new arrangement includes commitments by the U.S. that possibilities under U.S. law for public authorities to access personal data transferred under the new arrangement will be subject to clear conditions, limitations and oversight, preventing generalized access. Europeans will have the possibility to raise any enquiry or complaint in this context with a dedicated new Ombudsperson.”
Thousands of American companies relied heavily upon Safe Harbour, and the termination looked to affect organizations of all sizes. For tech giants like Google, Apple and Facebook, Privacy Shield will evidently allow them to move data freely without incurred costs to the public. There will still be political hurdles to clear like national data protection bodies and inquiries from civil liberties organizations. Following the Edward Snowden revelations of 2013, some EU citizens still aren’t convinced that the U.S. is taking their privacy seriously.
European parliament member Jan Phillip Albrecht stated that “The European Parliament and national data protection authorities must make clear that such a legally dubious declaration will not stand.” And that “it seems clear that this new framework will also be challenged in the European Court of Justice, as it is clear that this does not fulfill the conditions of the court’s ruling.” The agreement still must be officially approved by the 28 member states of the European Union and national data protection authorities.
Connect with Secure Sense to protect data, your network, and systems 24/7, 365 days a year. If you have questions or want to learn more, please contact Secure Sense by calling 866-999-7506.
Follow us on LinkedIn and Twitter for current company and industry news.