Business Intelligence Info

The end of Privacy Shield: Why it matters and what businesses can do about it

August 28, 2020   Big Data

The rules that facilitate much of the digital commerce between the EU and US have been thrown into a state of flux in recent weeks. Last month, the Court of Justice of the European Union (CJEU) passed a landmark judgement to invalidate the Privacy Shield, a framework governing the flow of EU citizens’ personal data to US companies. Then, just last week, Austrian privacy advocate Max Schrems, who brought the initial case to the CJEU, filed fresh complaints against 101 companies that he alleges are failing to provide adequate protection to the data of EU citizens, in spite of the CJEU’s landmark judgement.

What does all this mean in practice? The Privacy Shield allowed US companies to self-certify that they would adhere to loftier data principles than those required of them at home, allowing for the transfer of personal data from the EU to the US. More than 5,000 organizations relied on the arrangement, and the freedom to move data between markets that it gave them has been critical to businesses’ ability to sell physical and digital goods and services to customers in Europe: activities that make up a large part of the $7 trillion in transatlantic trade conducted annually. The CJEU’s initial decision left businesses in the US and the EU in a precarious position and cast doubt over their ability to trade seamlessly.

A turning point?

The CJEU’s move to invalidate the Privacy Shield has not, yet, meant that businesses are prohibited from moving EU data to the US. For the moment at least, businesses can rely on what are known as the Standard Contractual Clauses (SCCs) as a valid means of transfer (and in some instances, Binding Corporate Rules, although these are less common). These are a special set of terms designed to guarantee data privacy standards. SCCs are common, so many businesses have been able to continue as they had before.

However, the complaints that Schrems filed last week seek to remove this option for businesses. The complaints against 101 companies, including the likes of Airbnb and the Huffington Post, argue that SCCs do not provide adequate protection for EU personal data because US companies fall under US surveillance laws.

The 2013 Snowden leaks illustrated the extent to which US security agencies had been making use of personal data stored by companies. The ECJ determined that the Privacy Shield was an inadequate mechanism to protect data on EU residents from US surveillance programs — and Schrems argues that SCCs are no better.

With significant reform to US surveillance law unlikely in the near future, companies are being left in an awkward predicament. It is suddenly becoming less viable to rely on SCCs to move data, and businesses are supposed to carry out a comprehensive analysis of local laws and, if necessary, use supplementary measures to protect personal information. We await further guidance from the key regulatory and political stakeholders in this regard.

A patchwork agreement for a Privacy Shield replacement could follow, but there is a real possibility that we could reach a point where data can no longer move freely from the EU to the US. This could lead to a requirement that all data on EU citizens is stored within the EU. This could dramatically limit US providers’ ability to access and process this data and the range of digital services available to EU citizens.

A key issue in Brexit negotiations

The ECJ’s decision on the Privacy Shield may also have a big impact on Brexit, with just a few months remaining for the UK and EU to ratify the terms of a post-Brexit trade deal. Sadly, the issues of data rights and privacy frameworks have not been a major talking point in negotiations thus far, with hot button political issues such as fishing rights seemingly taking priority — despite the huge economic impact that a failure to reach an agreement on data flows would bring. Whatever the outcome, the EU will need to make a decision on the UK’s “data adequacy,” meaning the extent to which UK law protects personal data in comparison with the EU’s own General Data Protection Regulation (GDPR).

The ECJ’s decision on the Privacy Shield was an indication of the level of scrutiny the EU will employ in assessing the UK. In the meantime, the UK needs to decide whether to align itself more with the EU or the US. Will it make it more difficult for companies to export data from the UK, as the EU has? Or will it favor a closer relationship with the US and risk facing the same kind of regulatory uncertainty that the US is now experiencing?

This decision will have a huge impact on the way British businesses operate internationally and how international businesses operate in the UK. If a data adequacy agreement is not reached, the system that allows the free flow of personal data between the EU and the UK could be uprooted. And if one is reached, it could have an impact on a possible free trade deal between the UK and US.

Reacting in the face of uncertainty

So, whether you’re a UK business facing the unpredictability of the Brexit negotiations, or a US company worrying about the future of data flows from the EU, what can you do now to prepare for the changes that are coming? As always, it starts by getting the basics in place. Here are four steps any organization can take to ensure they can adapt quickly and effectively to any regulatory outcome:

  • Understand how you use data: If they are to react quickly, businesses have to know exactly what data they are using, where it came from, and how it is moving through their organization. This should be a continual undertaking, but right now too many companies don’t have a clear understanding of these issues.
  • Think long-term: With so much uncertainty, businesses must factor potential data compliance requirements into their growth strategies. The privacy regime operating in each region must be a key consideration for any business planning to expand into new markets. Carefully evaluate data regulations when considering where to invest for growth and budget accordingly so you know that you’ll be able to comply with all local regulations.
  • Stay agile: Wherever they are headquartered, it is critical that startups and digital businesses are monitoring developments in the EU-US and the EU-UK negotiations. Progress won’t be steady: nothing could change for a while, and then it will all move very quickly. Make sure someone in the organization is responsible for keeping a close eye on the latest news and flagging anything important.
  • Communicate! Consumers are increasingly aware of how their data is being handled by businesses. Transparency is therefore crucial to building and maintaining trusted relationships. Be proactive about keeping customers informed about your policies and day-to-day operations. You should consider publishing your law enforcement guidelines and transparency reports to make it clear how your organization interacts with data requests from government agencies.

Mark Kahn is General Counsel at customer data platform Segment.


Big Data – VentureBeat
