It's Time To Say Goodbye To The EU-US Privacy Shield
In 2000, the European Commission (EC) introduced Safe Harbor. It was a principles-based, voluntary framework to allow companies to transfer personal data of European residents to the US. Austrian law student Maximilian Schrems took Facebook to court, claiming that, once his data reached US soil, privacy protection faded.
Five years later, the European Court of Justice (ECJ) declared Safe Harbor invalid. To replace it, the EC issued the EU-US Privacy Shield. The new framework was supposed to provide additional protection to EU citizens' data with the creation of new safeguards, such as the Data Protection Ombudsman, and the "promise" that US surveillance would be limited. Today, the ECJ decided that these expectations have not been met and invalidated the Privacy Shield.
About 5,000 companies currently rely on the framework to transfer personal data to the US, and these transfers contribute to transatlantic trade, which is worth about £5.6 trillion. To keep these vital transfers flowing while complying with the ECJ's ruling, security and risk (S&R) pros must take these steps:
- Map out your data transfers today. S&R pros must start mapping out their data transfers today to understand which transfers are impacted.
- Assess alternatives and adopt standard contract clauses (SCCs) with caution. SCCs have become the go-to strategy for most companies, and the ECJ affirmed their validity. But experts expect the EC to adopt an updated version of SCCs soon.
- Review your third parties' data flows and contracts. First, remediate any problems with data transfers that involve cloud providers. This is the time to find out where they're actually keeping your data and respond accordingly.
- Assess changes to data transfers from Europe to countries beyond the US. More changes are likely. For example, European data protection authorities can stop transfers under SCCs if they don't believe they offer adequate protection. Thus, companies must examine not only which data transfers are happening but also how business-critical they are, and start planning for the future.
- Green-light transfers to "adequate countries." Currently, the EC has recognized 12 countries as adequate from a data protection perspective. If you transfer data to one of them, no further red tape is required.
This post was written by Senior Analyst Enza Iannopollo, and it originally appeared here.