The EU-US Privacy Shield and transatlantic data protection
A new agreement is intended to resolve issues surrounding movement of personal data from Europe to America. This is important news for privacy-conscious individuals involved in data and money transfer to the States, but what is the new deal? Moreover, why did the old arrangement collapse? Read on to find out.
The old mechanism
Under the Safe Harbour Agreement, in place from 2000 until late last year, US companies could voluntarily self-certify that they observed the European Union's Directive on Data Protection. The agreement was intended to protect the personal data of consumers and employees, and over 3,000 US firms used the framework.
Things changed, however, when Edward Snowden revealed that the US government was gathering personal data held by US companies. These revelations were followed by a legal battle when Max Schrems, a law student, took Facebook to court over its data security. The European Court of Justice ruled Safe Harbour invalid, arguing that US public authorities were accessing data on a “generalised basis”.
The European Commission also complained that Safe Harbour made it too difficult for individuals to take legal action concerning their data storage and, finally, that the capabilities of supervisory authorities were being affected by the framework.
Raising a new shield
After months of wrangling, the European Commission and US State Department have composed an alternative package of measures known as the EU-US Privacy Shield. This new arrangement places stricter requirements on US companies and promises monitoring and enforcement by American authorities. It also commits the US to suspending mass surveillance and promises an annual appraisal alongside an impartial reviewer.
No quick fixes
Andrus Ansip, vice president of the European Commission heading Digital Single Market, has said that “both... citizens and our businesses will benefit” from the Privacy Shield.
Others, however, are more sceptical. Max Schrems thinks that the Shield compromises fundamental individual rights while giving US companies privileged access to the EU market. Similarly, speaking for the Alliance of Liberal Democrats in Europe, Sophie in 't Veld states that "it is highly doubtful that [the safeguards] offer meaningful protection".
The Shield is still only a political agreement, and hasn't been made legally binding. Europe’s data protection authorities have advised businesses to not rely on it until a full review has been completed. It should be noted that the arrangement may be a legal grey area for years to come, leading some commentators to advise that businesses should “consider storing personal data only on servers within the EU”.
Controversy surrounding the EU-US Privacy Shield has brought the difficulties associated with protecting personal data into focus, and has re-ignited fears surrounding how businesses treat customers' information generally. These concerns can be especially acute when financial data is involved – clients who use our international money transfer site can rest assured that we comply with Payment Card Industry (PCI) standards for secure processing, storage and transmission of credit card data. We're also Data Protection registered, and we never sell, trade or rent users' personal information.
If you're looking for a secure way to transfer money online and are concerned about your privacy, contact The Money Cloud for a friendly chat about our processes. You can also stay on top of data protection developments affecting money transfer by checking back to our blog regularly.