Menu
U.S., EU reach agreement on Safe Harbor alternative

U.S., EU reach agreement on Safe Harbor alternative

The agreement on the new Privacy Shield framework will make it easier for companies to transfer data between Europe and the US

Goodbye Safe Harbor, hello Privacy Shield: that's the name given by European Union and U.S. negotiators to the deal they struck on Tuesday enabling legal transfers of personal data between the two regions.

EU-US Privacy Shield "will protect the fundamental rights of Europeans where their data is transferred to the United States and ensure legal certainty for businesses," the European Commission said in a press release announcing the agreement.

Designed to replace the Safe Harbor agreement that was struck down in October, the new deal imposes stronger obligations for U.S. companies to protect the personal data of European citizens. It also calls for stronger monitoring and enforcement by the U.S. Department of Commerce and the Federal Trade Commission, both of which will cooperate with European data-protection authorities to address any complaints by EU citizens. A dedicated new ombudsman will help oversee complaints and enquiries as well.

Finally, there will be a joint annual review focused on monitoring and ensuring that commitments are upheld.

"The EU and the United States are the closest allies," said Andrus Ansip, vice president of the EC in charge of Digital Single Market, in a press conference on Tuesday. "On a topic as important as this, we had to find common solutions. I believe this new arrangement is what Europe needs -- both our citizens and our businesses will benefit from this."

U.S. Secretary of Commerce Penny Pritzker was similarly optimistic. 

"It's been a long road, but we've turned the corner and now we stand together," Pritzker said during a press call on Tuesday. "This will allow the digital economy in both the EU and the U.S. to continue to grow."

As part of the agreement, the Department of Commerce will ensure that U.S. companies publish their commitments to protect Europeans' privacy, making them enforceable under U.S. law by the US. Federal Trade Commission. In addition, any company handling human resources data from Europe has to commit to comply with decisions by European DPAs.

Meanwhile, the U.S. has given the EU written assurances for the first time that data access for law enforcement and national security will be subject to clear limitations, safeguards and oversight mechanisms. The U.S. has ruled out indiscriminate mass surveillance on the personal data transferred inside its borders. The annual joint review will include the issue of national security access, with participation by national intelligence experts from the U.S. and European Data Protection Authorities.

Coming up next, the EU College of Commissions has mandated Ansip and the European Commissioner for Justice, Consumers and Gender Equality, Vĕra Jourová, to prepare a draft "adequacy decision" in the coming weeks. That, in turn, could then be adopted by the College after obtaining the advice of the Article 29 Working Party and after consulting a committee composed of representatives of the Member States. In the meantime, the U.S. side will make the necessary preparations to put in place the new framework, monitoring mechanisms and new ombudsman.

Though it was applauded by the U.S. Direct Marketing Association and Microsoft President and Chief Legal Officer Brad Smith, reactions elsewhere were decidedly less enthusiastic about the new agreement. 

"We urgently need a thorough legal appraisal of the safeguards offered by the U.S.," said Sophie in 't Veld, vice president and spokesperson for data protection for the Alliance of Liberal Democrats in Europe. "The legal status of these safeguards is very unclear. It is highly doubtful that they offer meaningful protection to European citizens."

Similarly, "the emperor is trying on a new set of clothes," said Joe McNamee, Executive Director of European Digital Rights. "Today's announcement means that European citizens and businesses on both sides of the Atlantic face an extended period of uncertainty while waiting for this new stop-gap solution to fail." 

At least one U.S. company was also skeptical.

"European attitudes toward data privacy have not changed, and we suspect it will only be a matter of time before Safe Harbor 2.0 is challenged in court," said Yorgen Edholm, CEO of Accellion. "Ultimately, the practice of trans-Atlantic data transfer will remain controversial as long as there remains a fundamental difference of opinion between the U.S. and the EU on what is more important: national security or data privacy. We don’t believe Safe Harbor 2.0 will end this debate.”

Meanwhile, Europe's data protection authorities were meeting on Tuesday, a day before they are scheduled to publish an evaluation on how recent changes in U.S. law affect trans-Atlantic data transfer using alternative legal mechanisms. They will likely also offer an opinion on the Privacy Shield deal.

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Slideshows

IN PICTURES: Ingram Micro Innovation hits Auckland with Hewlett Packard Enterprise

IN PICTURES: Ingram Micro Innovation hits Auckland with Hewlett Packard Enterprise

Ingram Micro completed its nationwide roadshow in Auckland last month, kicking off its Innovation Hour series with Hewlett Packard Enterprise. Uncovering the latest in storage, networking and servers, the event outlined key market trends for resellers in 2016 and beyond.

IN PICTURES: Ingram Micro Innovation hits Auckland with Hewlett Packard Enterprise
IN PICTURES: FireEye celebrates channel at 2016 Partner Conference

IN PICTURES: FireEye celebrates channel at 2016 Partner Conference

FireEye welcomed 143 channel partners and distributors to FireEye's 2016 annual Partner Conference, FireEye A/NZ Momentum - held at Establishment in Sydney. Delegates heard from senior trans-Tasman channel leaders, marketing and the product divisions in the morning, with FireEye customers, incident responders and threat intelligence analysts sharing knowledge during the afternoon.

IN PICTURES: FireEye celebrates channel at 2016 Partner Conference
​IN PICTURES: Disruption in the data centre - Can the Kiwi channel capitalise?​

​IN PICTURES: Disruption in the data centre - Can the Kiwi channel capitalise?​

With New Zealand businesses now open to innovation, the industry sits on the cusp of significant disruption in the data centre. Driven by software-defined networking, the future of the data centre is fast becoming reality, as the channel seeks to keep up, keep innovating and keep growing. APC by Schneider Electric, Lenovo and key partners outlined how the channel can capitalise at The Grill restaurant in Auckland.

​IN PICTURES: Disruption in the data centre - Can the Kiwi channel capitalise?​
Show Comments