Privacy Shield: Wrangle over Safe Harbour and US Government Access to EU Data Appears Finally Settled
Privacy Shield a more formal compliance framework
Disagreement over the Safe Harbour, which let American companies use a single standard for consumer privacy and data storage in both the US and Europe, appears to have finally ended. Safe Harbour was rejected by the EU following leaks by Edward Snowden which discredited it because US Government security agencies were revealed to have flouted the rules.
Safe Harbour let US companies self-certify they protected data about EU citizens appropriately; however, the US National Security Agency practiced widespread surveillance through accessing data which was supposedly protected by Safe Harbour.
Privacy Shield is a new agreement which puts in place “clear limitations, safeguards and oversight mechanisms" for how data should be protected in the future. This is suggestive of a more formal compliance framework and ends many months of uncertainty for UK companies about where best to physically locate data stored in the cloud. Post-Brexit, where the UK is seeking to set up a trade deal with the US then it should provide some clarity.
Microsoft wins appeal over EU citizen data stored in Ireland
In tandem with news of Privacy Shield comes an update on a related story. Microsoft has been engaged in a legal battle with the US Department of Justice to prevent having to turn over information about an EU citizen stored at a data centre in Ireland.
The ruling overturns an order granted in 2014 in favour of the US Government. This means the US government cannot force Microsoft to give authorities access to the firm's servers located in other countries, a court has ruled.
Absolute clarity about data privacy with HTL Support
Well, that should be that… maybe. Governments have a duty of care to protect their citizens and national interests. Privacy Shield may only be in place until the next transgression of the rules ignites another legal challenge.
The surest guarantee that data owned by UK companies is free from data sovereignty issues is to make sure data is stored in UK-only data centres. HTL Support is a UK registered, owned and managed business and only stores data in UK ISO-accredited data centres. The sites are secured in compliance with ISO27001, meeting the regulatory requirements which apply to UK financial services and other professional services sector firms.
To find out more about our first-class cloud solutions, simply get in touch today.