The Good, the Bad, and certainly not Ugly EU-US Privacy Shield
In a nutshell, it’s a good thing!
In a world that is digitising, safe global transfer of data is essential to a progressive economy. The Privacy Shield is a framework designed to provide EU-like data protection for personal data processed in the United States. Like ‘Safe Harbor’, ‘Privacy Shield’ is a voluntary self-certification framework.
Today it was adopted by the European Commission – meaning it will be up and running in the coming weeks.
The Shield is based on well-established, internationally recognized privacy principles. The rigorous requirements under the Shield are designed to boost trust. Unlike Safe Harbour, it provides for various checks and balances over government access to data and it strengthens transparency and accountability of certifying companies.
Organisations will have to show how they are complying with Privacy Shield and if necessary provide evidence when requested. If you were previously certified against Safe Harbor, you cannot just take your certification and amend it. You will have to get redrafting your privacy notices and renegotiating your vendor contracts.
As much as this may feel like a big compliance headache, one thing is certain. Both sides of the Atlantic take the need to address EU privacy concerns very seriously. Ultimately, it will drive trust in business and confidence with customers, regulators and citizens alike, and that is always a good thing.
We intend to sign up for Privacy Shield and show our support for our respective governments’ efforts to protect and enable the international flow of personal data. We will continue to offer a variety of additional mechanisms, including model clauses. Irrespective of the regulation, we believe personal data must be protected and respected no matter where it is from or where it flows.
Our cloud and SaaS offers, for example, are tailored to allow customers to keep the majority of their data local. Customers can choose local Cisco partners to provide services. They can opt for Cisco to build out and operate their private clouds, or choose a managed cloud solution. We are ready and so will be our customers.
From our perspective, the digital economy can only flourish when you connect people, process, data and things in a meaningful and secure way. That includes creating an environment in which everyone can do business easily and know their data is safeguarded.
For more information on how we protect data entrusted to us, please see Cisco’s Trust & Transparency Center.