5 Must-Know Facts About the EU-US Privacy Shield and How it Affects Your Secure File Sharing

by Shirish Phatak on May 9, 2016

As the cloud, mobile, and other technologies make it easier to share data across The Pond, European lawmakers are trying to make sure that the private data belonging to their citizens is handled with the same care and safety, including secure file sharing, in the United States as it is within the European Union. Until recently, the Safe Harbor Agreement attempted to address these concerns, but a Court of Justice of the European Union judge tossed the Safe Harbor Agreement last year, ruling that it was wholly inadequate to protect the privacy of European citizens.

In its place, European and American parties are working on Privacy Shield. This agreement is not yet in force, and is not completely fleshed out in terms of the details, but is fully expected to become enforceable in the near future. Here are the most important things you need to know about the Privacy Shield agreement between the EU and the US.

1. Businesses Must Sign Up to Participate

Privacy Shield is another Trans-Atlantic agreement between the US and EU that seeks to strengthen business interests, while protecting the rights of their private citizens.

You can opt out of signing up, but if you do, you will not be allowed to store, process, transmit, etc. personal data on European citizens inside the US. If you do sign up, you will be subject to all of the rules and regulations established in the agreement. The US Federal Trade Commission (FTC) is responsible for enforcing the law on the US side. Participating businesses will be obligated to publish and to follow specific privacy policies. Companies that fail to keep up their end of the bargain can be excluded from participating, which means they won't be allowed to store or process private data about European citizens on American soil. The US Department of Commerce will publish a list showing which companies are signed up to participate, as well as which have been excluded from participation.

2. Privacy Shield Does Not Supersede National Security

When it is deemed that US national security conflicts with Privacy Shield, security trumps the agreement. This includes any investigations being conducted by law enforcement agents in the US. According to the agreement, "Adherence to these Principles may be limited: (a) to the extent necessary to meet national security, public interest, or law enforcement requirements; (b) by statute, government regulation, or case law that creates conflicting obligations or explicit authorizations."

3. Mass Surveillance by US Law Enforcement is Still Allowed Under Privacy Shield

One of the most pressing reasons for tossing out the old agreement, Safe Harbor, was the issue of US mass surveillance. However, it will still be allowed under the new agreement, Privacy Shield. There are six different scenarios in which the US allows federal and law enforcement agencies to conduct mass surveillance: (1) detection and counter attacks involving foreign powers; (2) counterterrorism; (3) counter-proliferation; (4) cybersecurity; (5) detection and countering of any threats to US or allied armed forces; and (6) combating criminal threats across national borders (which includes attempts to avoid sanctions).

4. Privacy Shield Gives Businesses 45 Days to Respond to Complaints by European Citizens

If a citizen of the EU complains about the handling of their personal information, the business in question will be given 45 days to respond to the complaint. If the business fails to reply to the satisfaction of the citizen, the citizen will have access to a number of predetermined courses of action. One recourse option will be a free dispute resolution service for complaints about the alleged lack of secure file sharing.

5. Privacy Shield is Not Yet in Force

Privacy Shield is designed to make it more secure for Europeans to do business overseas, while assuring them that their privacy will be treated with the same care and consideration it would be in their home country.

Though the European Commission made an announcement about Privacy Shield back on February 2 of this year, it was almost a month later before the US promises arrived. Those were made public on February 29. The decision is still pending challenges by various governments, as well as the information protection authorities of the nations affected. Even after being put in force, the agreement will be reviewed annually by all parties.

This agreement will mean that all US businesses that want to store, process, or transfer data on European customers or other private citizens will need to prove that they have secure data stores and secure file sharing practices in place. Are yours up to the standards of Privacy Shield? What will it take? See our customer success stories here.
