A few months ago, the US-EU Safe Harbor deal became invalid, and data privacy for US companies hosting data for EU customers got a lot more complicated. Yesterday, the European Commission announced they have reached a new deal named the EU-US Privacy Shield.
The EU-US Privacy Shield is a complete revamp of the old Safe Harbor; in fact, the European Commission said they built the EU-US Privacy Shield from the ground up, since the Safe Harbor had so many issues.
The EU-US Privacy Shield has three basic elements:
Strong obligations on companies handling Europeans’ personal data and robust enforcement.
Clear safeguards and transparency obligations on US government access.
Effective protection of EU citizens’ rights with several redress possibilities.
During the past few months, companies like Google, Facebook, RackSpace, Amazon and others have been drawing up what are called Model Clauses to give EU citizens privacy protection. But for smaller businesses, it would be incredibly expensive and time-consuming to draw up these model clauses. Plus, litigation concerns and courts would make things incredibly nerve-wracking for these smaller businesses. The new EU-US Privacy Shield provides clearer and less stringent concerns about litigation and arbitration around privacy issues on data and gives them more freedom to conduct business in the US with European customers.
In short, the EU-US Privacy Shield should pave the way for a new long-term set of guidelines for US-based companies providing software services and data services for EU customers and companies.
We are likely around three months away from the EU-US Privacy Shield being finalized, but at least there is now an end in sight for companies, organizations and users that are concerned about the loss of the Safe Harbor.
Comments