EU – US Privacy Shield (2016)
It is no real surprise that client and customer data privacy is an important aspect of day to day business. Any company in operation will no doubt be aware of the Data Protection Act (1998), which is responsible for protecting businesses and consumers alike. Over the past few years, there have been a number of changes in this area to draw more focus on the rapidly growing digital world.
- 2002 – The Electronic Commerce Regulation: Governs the sale of goods online (ecommerce)
- 2011 – The Privacy and Electronic Communications Regulation: Helps protect businesses and users of the internet. This policy includes the ‘cookie law’
- 2014 – Consumer Protection (Distance Selling) Regulation: Regulation to protect consumers by ensuring businesses provide clear seller information
These policies help protect businesses and consumers within the UK and EU by ensuring full disclosure of seller information, on-site tracking and data privacy. In 2000, the European Commission passed a directive to protect personal information passed between the EU and US known as the ‘Safe Harbour Framework’. This directive was implemented to make sure that data passed between the two regions about any EU citizen should be subject to certain safeguards.
For example, if a user within the UK uses a US company to store files online, this company may only store these files on servers within the US and therefore it is governed under this law.
In October 2015, the European Court of Justice declared this policy invalid based ‘on the adequacy of the protection provided by the safe harbour privacy principles and related frequently asked questions issued by the US Department of Commerce.’ It was from this that a new policy was drafted titled the EU-US Privacy Shield, which requires the US to monitor and enforce more robustly and cooperate with European Data Protection Authorities.
What this means in a nutshell is that the US will have to operate internationally in the same way as in the EU by providing more transparency on tracking and privacy policies. It also, for the first time, offers written assurances from the US that access to personal data by any US authorities will be subject to clear limitations and safeguards.
All Response Media Viewpoint
At All Response, we take client and customer data privacy and security seriously. As such, we always welcome changes to laws and policies that help protect everyone from our clients to their customers. With this new policy in place, our clients can rest assured that their data is safe and secure.
You may be wondering what data this may protect; simply, any data that passes between the EU and US that is managed or owned by a member of the European Union is protected by this. Even if the service (i.e. Google Drive, Outlook etc.) being used is owned by a US company (i.e. Google, Microsoft, etc.).
Side Note: This is a detailed and complex policy and has been created to protect businesses and consumers alike by providing clear, privacy focused regulation on all digital data passed between the EU and US. More information can be found European Commission website here.