In October 2015 the Court of Justice of the European Union (CJEU) declared Safe Harbor invalid as a framework for the transfer of personal data from the EU to the USA. The CJEU were ruling on a case, brought by the internet activist and privacy evangelist Max Schrems, in respect of the snooping practices exposed by Edward Snowden, the former security contractor who blew the whistle on the National Security Agency and in doing so raised awareness of the degree to which personal data is systematically accessed by agencies in the USA.
Following the declaration of Safe Harbor as invalid, the EU and the USA politicians and regulators have been working hard to find a substitute for Safe Harbor and have just approved Privacy Shield as a safe framework for transatlantic personal data flows. This is good news for businesses that use US based cloud services and other hosted services and is also good for multi-nationals whose personal data moves backwards and forwards between the EU and USA.
Privacy Shield includes commitments by the USA to limit the use of bulk data collection for intelligence and security purposes, requires the appointment of an ombudsman to deal with complaints by EU citizens, and provides power to the regulators to fine businesses that do not comply with Privacy Shield.
Whilst Privacy Shield may be the new “safe harbour”, it may take some while for the Department of Commerce to put in place a Privacy Shield certification process and so right now Privacy Shield is still not an effective solution.
According to privacy activists including Max Schrems, Privacy Shield is still not even an adequate privacy solution and indeed Max Schrems has described it as ‘putting 10 layers of lipstick on a pig’.
On 8 September Charles Russell Speechlys will be presenting a webinar on Privacy Shield and other data transfer issues with privacy experts including Vint Cerf ( one of the Fathers of the Internet), Ann Cavoukian (former Privacy Commissioner of Ontario and founder of Privacy by Design) and Mozelle Thompson (former Federal Trade Commissioner responsible for Safe Harbor in 2000).