8 Ways To Secure Data During US-EU Privacy Fight - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Data Management
News
2/15/2016
08:05 AM
Lisa Morgan
Lisa Morgan
Slideshows
Connect Directly
Twitter
RSS
E-Mail
100%
0%

8 Ways To Secure Data During US-EU Privacy Fight

After months of legal uncertainty over transatlantic data flows, the European Commission and the US have agreed on a new framework called the EU-US Privacy Shield. But because no text is available yet, there's no way to interpret it. Here's what organizations need to know now.
Previous
1 of 9
Next

(Image: HebiFot via Pixabay

(Image: HebiFot via Pixabay

The EU-US Safe Harbor that governed the flow of data between the US and European Commission countries is dead, and there's no formal framework text to replace it yet. The result is a lot of legal uncertainty for many organizations when it comes to transatlantic transfers of data. It may be weeks or months before the dust settles. What do enterprises need to know now?

First, some background. On October 6, 2015, the European Court of Justice invalidated the EU-US Safe Harbor framework in the Maximilian Schrems v Data Protection Commissioner case. A couple of weeks later, the Article 29 Working Party issued a statement about the practical effects of the ruling. The group urged businesses to proceed very carefully. Then on February 2, 2016, the European Commission (EU) announced it and the US had agreed on a new framework for transatlantic data flows called the EU-US Privacy Shield, but because no text is yet available, the framework cannot be interpreted.

"We haven't seen the solution. We only heard very high-level principles by the European Commission and some data that was added by the Department of Commerce, but we need to see the actual documentation to understand exactly what this entails," said Omer Tene, VP of research and education at the International Association of Privacy Professionals (IAPP), in an interview.

It's clear that unfettered surveillance by the US is considered inconsistent with fundamental individual privacy rights of Europeans, and that opinions about where lines should be drawn differ from country to country, despite unified efforts to define what are and are not lawful transatlantic data transfers. In the interim, alternative mechanisms are available, including Standard Contractual Clauses and Binding Corporate Rules, but they are far from perfect.

"We're getting inquiries from European and US companies asking what they can do. The Article 29 Working Party said that the model clauses or the binding corporate rules are still legal, but they haven't said they're definitely going to be legal forever going forward, which puts people like me on edge," said Kenneth Mullen, a partner at law firm Withers Bergman, in an interview. "At the moment, companies are putting these alternative methods in place."

In addition, the Article 29 Working Party has strongly suggested businesses consider putting legal and technical solutions in place to further minimize risk, which some companies are doing. Others are taking a wait-and-see approach, since no one knows what the Privacy Shield will actually require until the text is available.

Here are a few things you should be aware of.

Lisa Morgan is a freelance writer who covers big data and BI for InformationWeek. She has contributed articles, reports, and other types of content to various publications and sites ranging from SD Times to the Economist Intelligent Unit. Frequent areas of coverage include ... View Full Bio

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Previous
1 of 9
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
jagibbons
50%
50%
jagibbons,
User Rank: Ninja
2/17/2016 | 1:58:23 PM
Re: Limbo
Political issues always take more time that business decisions.

Another angle for frustration is the fact that the EU court, as a body, can invalidate an agreement, but that the replacement agreement has to come from each of the EU member nations. It's going to be a long time before all the dust settles.
LisaMorgan
50%
50%
LisaMorgan,
User Rank: Moderator
2/17/2016 | 1:51:45 PM
Re: Limbo
It is a very uncomfortable time.  No one I talked to is expecting a magical solution.  They're expecting the Privacy Shield to be challenged and for the process to take longer than advertised because it's not just a business issue, it's a political issue.
jagibbons
50%
50%
jagibbons,
User Rank: Ninja
2/17/2016 | 1:29:43 PM
Limbo
If the way businesses have been sharing and protecting data between the US and our friends across the pond is now illegal and there's no text or usable guidance on what to do now, that puts a lot of companies in a really difficult place where they may not be able to make any decisions. I'm glad all of our business is solely within the US and we don't have to interact with foreign entities and potentially share, or not share, data.
Slideshows
10 RPA Vendors to Watch
Jessica Davis, Senior Editor, Enterprise Apps,  8/20/2019
Commentary
Enterprise Guide to Digital Transformation
Cathleen Gagne, Managing Editor, InformationWeek,  8/13/2019
Slideshows
IT Careers: How to Get a Job as a Site Reliability Engineer
Cynthia Harvey, Freelance Journalist, InformationWeek,  7/31/2019
White Papers
Register for InformationWeek Newsletters
State of the Cloud
State of the Cloud
Cloud has drastically changed how IT organizations consume and deploy services in the digital age. This research report will delve into public, private and hybrid cloud adoption trends, with a special focus on infrastructure as a service and its role in the enterprise. Find out the challenges organizations are experiencing, and the technologies and strategies they are using to manage and mitigate those challenges today.
Video
Current Issue
Data Science and AI in the Fast Lane
This IT Trend Report will help you gain insight into how quickly and dramatically data science is influencing how enterprises are managed and where they will derive business success. Read the report today!
Slideshows
Flash Poll