Dropbox and Microsoft have become the latest big name US tech companies to announce they’ve signed up to the controversial US-EU Privacy Shield data transfer agreement, following Google.
File sync and share firm Dropbox said in a blog post today that it welcomed confirmation of its certification and is looking forward to the success of the program.
“We support the new framework as a means to protect individual privacy while enabling users and businesses to benefit from the free flow of data that is so critical to the global economy,” said EMEA vice president, Philip Lacor.
Microsoft announced the same on Monday, claiming to be the first global cloud service provider to appear on the Department of Commerce’s list of Privacy Shield certified entities.
“Adherence to this framework underscores the importance and priority we at Microsoft put on privacy, compliance, security, and protection of customer data around the globe,” said Azure senior director, Alice Rison.
The two follow Google, which revealed its adoption of the Privacy Shield agreement at the end of August, claiming it represents “a significant milestone for the protection of Europeans’ personal data and promotes trust in the digital economy.”
However, the jury is still out to an extent on the new framework, which is designed to streamline the transfer of data between the US and EU, allowing US tech companies to store EU citizens’ data outside the region without falling foul of its strict data protection laws.
For one thing, companies effectively self-certify rather than go through a rigorous testing process to gain certification.
But more importantly, the agreement itself has been questioned by senior European privacy experts.
In April, the Article 29 Working Party – a group comprised of representatives from member states’ data protection authorities – voiced “strong concerns” over the agreement and asked for a new review.
And a few weeks later, the European Data Protection Supervisor (EDPS) Giovanni Buttarelli claimed Privacy Shield was “not robust enough to withstand future legal scrutiny before the [European Court of Justice].”
The problems mainly lie with US authorities' ability to carry out “indiscriminate surveillance” which might include data on EU citizens.
The local privacy watchdog in Hamburg is also said to be considering a legal challenge to the European Commission's rubber stamping of the Privacy Shield.