Google has become the latest American tech giant to sign on to the US-EU Privacy Shield.
"We are committed to applying the protections of the Privacy Shield to personal data transferred between Europe and the United States,” Google’s Caroline Atkinson, head of Global Public Policy, noted in a blog. “As a company operating on both sides of the Atlantic, we welcome the legal certainty the Privacy Shield brings. Restoring trust—in international data flows and in the Transatlantic Digital Agenda—is crucial to continued growth in the digital economy.”
Microsoft, Salesforce.com and Workday got on board with the joint initiative between the US Department of Commerce and European Commission earlier this month.
The framework is the result of a court-ruled invalidation last year of the Safe Harbor agreements previously in place—and an effort to standardize protections around transatlantic data flows. Under European data privacy principles, companies operating in the EU are not allowed to send personal data to countries with less stringent privacy regulations. The US is considered to be one such country. To overcome this commercial difficulty, the two sides had developed the Safe Harbor agreement: Provided that the US company concerned agrees to abide by certain privacy guarantees, it was able to receive personal data from EU sources.
But the Edward Snowden revelations on the NSA Prism surveillance program prompted many European politicians and private citizens to question whether the Safe Harbor arrangement was actually compatible with EU privacy dictates. And so, after being in place for 15 years, it was declared to be invalid in October 2015, with Privacy Shield agreed upon in February 2016 and approved in July.
Privacy Shield will see the US create an ombudsman position within the State Department to field complaints from EU citizens about US spying, and prevents indiscriminate mass surveillance of Europeans' data. The idea is to ensure that the $250 billion dollars of transatlantic trade in digital services can continue unhindered, by wrapping assurances from the US about the handling of cross-border data transfers. It also provides for enforcement actions.
Photo © Gil C/Shutterstock.com