In a week where Football Transfer Deadline Day took many of the headlines, businesses as big as Amazon and Facebook were bracing themselves for a very different deadline – and a significant one at that.
After months of talks and a ‘crunch meeting’ spanning two days, it was announced that Europe and the US have reached a new deal that will ensure the safety of EU citizens’ data when transferred across the Atlantic. This deal has been dubbed ‘Privacy Shield’.
This sounds familiar, right? Very similar to a little ruling called Safe-Harbour that was ruled invalid by the European Court of Justice as recently as October 2015.
What’s Changed?
From what I can tell the changes can be summarised as follows:
• There will now be an Annual Joint Review of the agreement.
• A US official will be responsible for following up any EU complaints regarding data protection.
• Compliance checks will be required for companies who employ the agreement from the US Department of Commerce to ensure all rules are being followed.
• EU citizens personal information will not only be available for law enforcement and nationals security purposes when ‘necessary and appropriate” whereas it was previously thought to be available under the US mass surveillance legislations.
What does it all mean?
This all stems from concerns about how US companies were handling the data of EU citizens. Safe Harbour allowed the likes of the aforementioned Facebook and Amazon to transfer data from the EU to the US. However there were concerns about how that data was being protected and how it was subject to US mass surveillance. Also the data protection standards in the US are not thought to be as stringent as those within EU meaning companies were potentially at risk with any EU legislation or accreditation they hold.
The new Privacy Shield ruling details that the compliance checks these companies are subject to are there to ensure that US based companies apply data protection standards in accordance to those found in the EU.
Is this the way forward?
The long and short of this is that nobody quite knows yet. The main reason for this is because Privacy Shield is merely an agreement, a letter on a piece of paper, a handshake. At this time there is no legislation that enforces it, which means we are relying on a little thing called trust, which is what was broken for Safe Harbour to be ruled invalid in the first place.
Due to this reason, and more, industry experts expect The European Court of Justice to challenge the ruling which means that there is every chance we will be back in an all too familiar place known as Square One.
How could it affect me or my business?
Due to advancements in internet connectivity the 21st century has seen, many applications are now a form of Cloud based technology. Examples of this are Hosted Email, Remote BackUp and Online sharing platforms. Many providers will transfer data between the EU and the US, it is your responsibility to know what happens with your data.
What should I do?
Choose a company who you trust, choose a company who others trust, choose a company who will show you where your data is stored.
As it is expected that this may drag on, the solution to quash any worries that Safe Harbour/Privacy Shield/whatever safety term is coined next brings, is to ensure your data and any clients data is hosted firmly within the United Kingdom.
If you have any concerns about Data Hosting and want to learn more, feel free to contact us here.