The past six months have been turbulent ones for US organizations that handle the personal data of EU citizens. It is a time of major reform. While we do not yet have final resolution, the building blocks for a modern cross-border data privacy agreement have begun to take shape.
In a new article for CSO Online, The impact of the new Trans-Atlantic privacy law, I trace the history of these data protections, from the EU Data Protection Directive through the “Safe Harbor” framework, now invalidated, and describe what the future data privacy landscape is likely to look like.
As was outlined recently here on InTelligence, the EU-US Privacy Shield, informally known as “Safe Harbor 2.0,” was released in draft form in late February 2016. Although the proposal is likely to undergo several levels of review, the current draft provides insight into what the US Department of Commerce and the European Commission have already determined to be an acceptable compromise. Many elements of the Privacy Shield were included specifically to address the deficiencies identified in the pivotal Schrems ruling that struck down Safe Harbor.
The Privacy Shield would require US organizations holding the data of EU citizens to establish an internal, readily available process for receiving and handling complaints free of charge to EU citizens; to respond to complaints within a fixed deadline (45 days in the draft); and to provide legal redress for EU citizens in cases where US law enforcement seeks access to their data. It is likely that the Privacy Shield will continue as a self-certification process, but with much stricter oversight by the US Department of Commerce and the US Federal Trade Commission (FTC), which would police compliance with the published commitments.
Until the Privacy Shield is formally adopted, US companies that handle or process EU citizens’ personal data remain exposed to increased legal and compliance risk; in practice, most are bridging the gap with Standard Contractual Clauses or Binding Corporate Rules. Adding to the uncertainty is the EU General Data Protection Regulation (GDPR), which is nearing final adoption and will replace the Directive once it takes effect. For more insight into the upcoming changes to Trans-Atlantic privacy law, read the full article.
While the final requirements of the Privacy Shield and the GDPR are still being settled, I also invite you to read about the Top 5 Things You Need to Know about the EU GDPR, and then take steps to Avoid the Pitfalls of the New EU Data Protection Regime.
Absolute Data & Device Security (DDS) allows organizations to persistently track and secure all of their endpoints from a single cloud-based console. Computers and ultra-portable devices such as netbooks, tablets, and smartphones can be remotely managed and secured to ensure, and most importantly prove, that endpoint IT compliance processes are properly implemented and enforced. Learn more here.