Since the invalidation of the Safe Harbor agreement in October—the agreement that allowed the transfer of data to and from the European Union to the U.S. under EU privacy laws—governments, organizations and individuals have been waiting to hear about the potential alternative framework. This week, U.S. and European officials have jointly agreed to a new framework dubbed the EU-U.S. Privacy Shield.
The challenge has been whether the U.S. and EU officials can come up with a comprehensive agreement that both parties will be happy with. That’s why it’s taken almost two years to get to where we are today and why it might have taken longer, had the European high court not struck down the original Safe Harbor agreement late last year.
The good news is that we are finally receiving direction after being left in limbo for several months now. This week’s data pact deal was a significant milestone in the negotiations; though there are still some hurdles to overcome, it’s a start down a meaningful path.
One of the biggest areas of uncertainty has been the potential enforcement of regulations or fines for organizations that were still following the old Safe Harbor agreement, which would not be enforced until after January 31. Many U.S. companies like Microsoft and Facebook have data centers based in Europe where they can ensure that any collection of information on EU citizens stays within the boundaries of the EU, therefore ensuring that, despite the new framework, they are always in compliance with new mandates. However, the larger majority of businesses, from small to large, have been evaluating their current data transfer environment and asking, what now and what, if anything, do we need to change?
It’s safe to assume that if your organization does business internationally, the least that you’ll need to do is a thorough review of the process to determine whether you are in compliance.
The conversations around Safe Harbor demonstrate that data is precious. The value of data, whether personal information or intellectual property, and the information we create, share and store is incredibly important. It should be handled and protected with care. This conversation may just be the beginning to more discussions on modern data privacy regulations and the handling of data.