New EU-US data sharing agreement: the Privacy Shield

16 July 2016

A new agreement between the EU and the US has been made concerning improved protection of personal information of European internet users, better known as the Privacy Shield. The Privacy Shield came into effect on Tuesday 12-07-2016.

The successor to the rejected Safe Harbor agreement has been officially adopted by the European Commission, and all member states must comply with the new agreement with immediate effect.

So what’s been going on exactly?

Although information belonging to Europeans could technically not be funnelled to countries whose privacy protection was not as good, like the United States, this was allowed because of the Safe Harbor agreement.

Was, because the Safe Harbor principles no longer apply as of 6 October, 2015. So what happened? An Austrian student lodged a complaint with the Irish privacy regulator about information being sent from Facebook Ireland to parent company Facebook Inc. in the United States. The regulator asked the European Court of Justice whether the Safe Harbor principles still offered sufficient privacy protection. The European Commission assumes that, if a company is ‘Safe Harbor certified’ in the US, it is permissible to send information to that company under European privacy laws. However, European privacy laws assume ‘adequate levels of protection’. The court ruled that this is not the case.

This means that, as of 6 October, 2015, it is illegal to store privacy-sensitive information in the US. Companies that use American, Safe Harbor certified cloud software, and whose customer information is stored in the US, are obliged to take additional measures to ensure they still operate within the framework of European legislation.

What has changed?

The new agreement between the European Union and the United States provides for better protection of personal information of European internet users.

For instance, there are much tighter restrictions on the access American intelligence agencies have to the information of Europeans. Additionally, European citizens can object to their information being accessed, which they couldn’t do before. The Privacy Shield will be reviewed by the EU and the US every year.

So, is my information secure now?

Privacy watchdogs still aren’t convinced that European information is safe with American companies, even with the Privacy Shield. The Privacy Shield is likely to be tested by the European Court eventually.

If you want to be absolutely certain that the privacy-sensitive information of your company is safe, call or email your supplier to check whether their servers are located in the US or in Europe, and ask what they are doing to secure all of this information.

Their information may well be stored in Europe, in which case you have nothing to worry about. Additionally, we recommend working with organizations that are ISO certified.
