American companies can now sign up to the Privacy Shield framework that governs how companies can transfer the data of European Union citizens over to their U.S. servers, while still complying with strict privacy rules. The U.S. Department of Justice will be the one evaluating the applications and monitoring companies for compliance.
Last year, the Court of Justice of the European Union (CJEU) ruled that the Safe Harbor agreement for data transfers between the EU and the U.S. invalid. Since then, it?s been illegal for companies to transfer data to the U.S., and Microsoft is just one of the companies that may get in trouble over this if it doesn?t comply with the new ?Privacy Shield? agreement soon.
The European Commission, which negotiated the framework with the U.S. government, published all the legal documentation accompanying the Privacy Shield framework, as well as a citizens? guide for how EU citizens can file complaints against American companies that handle their data but don?t comply with the Privacy Shield rules.
One of the those rules says that companies must delete the data once it?s not longer necessary, but it may be up to the companies to decide how long the data is needed. Some companies could say they need to store it forever, just in case it may provide some advertising benefit in the future, for example.
The Privacy Shield framework brings many new improvements over the old Safe Harbor agreement, considering the old one allowed American companies to ?self-certify? for it. The new framework will be reviewed every year by the European Commission for potential unforeseen problems.
The Working Party 29, which is formed by the leaders of all the 29 Data Protection Agencies in the EU, has been criticizing the Privacy Shield agreement for being too broadly written. The WP29 is also concerned about the lack of a mechanism that would allow the agencies to object to various privacy issues that some companies may be creating. However, those objections may be considered in the annual review as potential future changes that need to be put into the agreement.
Reply With Quote
Bookmarks