Aug. 1 marks the beginning of a more stable and secure era for trans-Atlantic data transfers. It’s the day Privacy Shield, a new agreement between the United States and the European Union, takes effect. And it’s off to a good start, with a number of major companies already announcing that they will join, and many others favorably considering participation in the new framework.
Privacy Shield, completed in July after lengthy negotiations, is the successor to the Safe Harbor Framework, the U.S.-EU agreement that for fifteen years had provided a reliable basis for transfers from Europe of personal data in commercial contexts. Privacy Shield – as its name suggests — offers strengthened privacy protection, including rigorous oversight of company compliance, and greater controls on onward transfers of data to third countries for processing. Companies that pledge to implement its provisions, and live up to their commitments, will be able to freely move personal data from Europe to the United States.
{mosads}Today’s software companies — and their customers — need this firm legal foundation for moving data across the Atlantic swiftly and efficiently. So companies are carefully studying what the Privacy Shield has to offer, and, in many cases, moving quickly towards qualifying for the new framework. A number of BSA members – Workday, CA Technologies and Microsoft among them — already have announced they will self-certify their participation on or soon after Aug. 1, and are working hard to put into place the enhanced privacy measures that the Privacy Shield requires.
Privacy Shield brings important certainty and stability to the current environment for trans-Atlantic commerce and privacy protection. It’s an important diplomatic achievement, for which the U.S. and EU authorities deserve much credit.
And it comes at the right time, just as another principal method of cross-border data transfers, standard contractual clauses, is facing judicial scrutiny. A suit is now pending in Ireland challenging the legitimacy of such clauses, in a legal dispute that likely will be referred to the European Court of Justice for resolution. BSA has joined the Irish case as a friend of the court, to make sure the economic importance of trans-Atlantic data flows is fully understood.
Privacy Shield thus arrives at a moment when the political and legal environment for trans-Atlantic data transfers still is not entirely settled. That’s exactly why it’s a key step forward for software companies, their customers, and for the data-driven economy.
Victoria Espinel is President and CEO of BSA | The Software Alliance.