Hot on the heels of the General Data Protection Regulation's approval last week, an agreement has been reached between the EU and the US for transatlantic data flow.
The EU-US Privacy Shield will replace Safe Harbour, the law which allowed the transfer of data from the EU to the US until it was ruled invalid last October for failing to protect EU citizens' privacy rights.
A decision on the new framework will be welcomed by US titans including Google, Apple and Microsoft, who bank on data from the EU – but what's going to change, and what impact will it have on your business?
The major changes made by the EU-US Privacy Shield include:
- US companies will be obligated to comply with specific rules related to protecting EU citizens' personal data
- Safeguards and clear limitations designed to prevent mass general surveillance of EU citizens by the US government
- A specially created US ombudsperson to handle EU citizens with concerns over their data privacy
The proposed changes would ease the pressure on EU businesses which rely on cloud-based services in the US such as HR, CRM and marketing platforms, which are difficult to balance with data protection compliance.
In its current form, Privacy Shield may ultimately amount to business as usual for many companies. It is, after all, designed to enable rather than prevent the transfer of data.
However, these developments do highlight the requirement for businesses to be aware and in control of where their data is stored and the compliance of third parties – a matter of increasing importance given the General Data Protection Regulation's requirement for transparency.
Notably, the proposed EU-US Privacy Shield has hardly been universally welcomed, and assurances from the US government around mass surveillance have been questioned, with the 2013 NSA scandal that prompted changing legislation still fresh in many peoples' minds.
It remains to be seen how this growing scepticism and increased concern over personal privacy can be balanced with the economic benefits of the data economy, and it's likely that data protection legislation will continue to evolve in trying to find that balance.
Whatever changes are made to data protection legislation, DeltaNet clients can rest assured that our compliance eLearning will be kept up to date in line with any legal requirements that may arise.
Contact us today to learn about how we can help you deliver data protection training that's always up to date with current legislation.