You might be wondering what all the recent fuss in the media has been about EU data sharing agreements with the US and the attitude of the US government towards surveillance on citizens’ data for the purposes of national security.
The issue came to a head after a so-called data-sharing “safe harbour” agreement, reached in 2000 between the EU and the US authorities, was struck down in October 2015 by the European Court of Justice, following legal action by an Austrian privacy campaigner concerned by revelations of mass US government surveillance on citizens’ data. The agreement provided safeguards for EU citizens whose personal data ended up in the hands of US based service providers.
This issue is more important than you might think. It is estimated that over 4,500 companies, including Facebook, Apple and Google, transfer personal data across the Atlantic on a daily basis. In the age of cloud computing, where data can be transferred across international boundaries to wherever there is spare functioning storage or communications capacity at a moment’s notice, it is vital that users have some level of assurance about how their data will be handled.
Authorities in Europe and the US have now in fact reportedly reached a robust new safe harbour agreement that, it is claimed, will ensure the safety of EU citizens’ data when transferred across the Atlantic. The new EU-US “privacy shield” will allow companies to continue to transfer and process EU citizens’ data in the US given certain privacy guarantees.
Antony Walker, deputy chief executive of techUK, which represents over 900 companies from the UK technology industry, acknowledges just how vital this is. He says: “The fact that EU and US negotiators have worked day and night for several months to secure this agreement reflects how important transatlantic data flows are to the global digital economy.”
US data protection laws are currently more relaxed than those in Europe, and the federal authorities there, including the FBI and the US Department of Homeland Security, have a more intrusive attitude towards accessing personal data for reasons of national security. As evidenced by the recent legal attempt by the FBI to get Apple to hack into one of their own iPhones in order to extract evidence against a terrorist suspect.
The new agreement will effectively allow the continued transfer of data from the EU to the US, with promises of privacy protections equivalent to those afforded to the data of EU citizens while in the EU. Companies who employ the new agreement will face regular compliance checks from the US Department of Commerce to ensure that they are still following the deal’s rules, which are supposed to ensure that companies based in the US apply the same data protection standards as those found in the EU.
Announcing the new deal, European Commissioner for Justice, Vera Jourova, said: “For the first time ever, the US has given the EU binding assurances that the access of public authorities for national security purposes will be subject to clear limitations, safeguards and oversight mechanisms.”
Crises Control currently hosts its all of its data storage in European data centres, so this is not a live issue for us at the moment, but as data storage continues to become a truly global industry we all need everyone to be on the same page on data privacy.
Not everyone is convinced that the new agreement will withstand the expected legal challenges to it, but the issue is of such importance to the future of the technology industry that I believe the EU and US authorities will do whatever it takes to make it work, because they understand the consequences if they do not.