Skip to main content

Privacy Shield data protection program now has a new member: Microsoft

This week during the Ignite 2016 conference in Atlanta, Microsoft said that it is the first global cloud service provider to appear on the Privacy Shield list. That means the personal data Microsoft transfers across the Atlantic must abide by the European Union (EU) data protection requirements. The Privacy Shield framework went into effect on July 12, and replaces the older mechanism used to transfer data between the EU, Switzerland, and the United States.

“The EU-U.S. Privacy Shield Framework was designed by the U.S. Department of Commerce and European Commission to provide companies on both sides of the Atlantic with a mechanism to comply with EU data protection requirements when transferring personal data from the European Union to the United States in support of transatlantic commerce,” the Privacy Shield site states.

Recommended Videos

The previous platform used to transfer data was called the International Safe Harbor Privacy Principles. These were created by the U.S. Department of Commerce, the EU, and the Federal Data Protection and Information Commissioner of Switzerland in 2000 to protect the personal data of EU/Swiss citizens passed to and from the United States.

Safe Harbor was based on seven principles: notice, choice, onward transfer, security, data integrity, access, and enforcement. Essentially, individuals must be notified if their data is collected, and they must have an option to opt out of the collection process. Data transfer must adhere to certain standards, data must be secured, data must be reliable and relevant, and data must be accessible by the owner. All of this must be enforced in the process.

However, Safe Harbor was overturned by the European Court of Justice in October 2015. The decision led to consumer complaints about the protection of their data, which then ignited new talks between the EU and U.S. authorities to establish a new foundation. That’s where the new Privacy Shield platform begins.

“Microsoft’s participation in the Privacy Shield applies to all personal data that is subject to the Microsoft Privacy Statement and is received from the European Union, European Economic Area, and Switzerland,” Microsoft states. “Microsoft will comply with the Privacy Shield Principles in respect of such personal data. Microsoft also maintains an affirmative commitment to the U.S.-Swiss Safe Harbor Framework and its principles, which will not be affected by our participation in the Privacy Shield.”

Companies wanting to jump on the Privacy Shield bandwagon must meet specific requirements. They must inform individuals about data processing, provide free and accessible dispute resolutions, cooperate with the Department of Commerce, maintain data integrity and purpose limitation, and ensure accountability for data transferred to third parties. Transparency related to enforcement actions is required as well along with a commitment to protect data as long as the data is held.

The Privacy Shield program is administered by the International Trade Administration (ITA), which is part of the U.S. Department of Commerce. In order for American companies to join, they need to publicly agree to the platform’s principles and self-certify to the Department of Commerce. Joining the Privacy Shield platform is completely voluntary.

In addition to Microsoft, Dropbox has also jumped under the Privacy Shield umbrella. The cloud-based storage company received Privacy Shield certification on September 23, which will expire a year from that date. Dropbox also said that it is one of the first major cloud service providers to achieve the ISO 27018 certification, a standard for cloud and privacy data protection honored around the globe.

Kevin Parrish
Former Digital Trends Contributor
Kevin started taking PCs apart in the 90s when Quake was on the way and his PC lacked the required components. Since then…
The Samsung Odyssey G8 gaming monitor is a steal with this deal
Uncharted Legacy of Thieves collection running on Samsung Odyssey Neo G8.

If your dream PC gaming setup is still missing a screen, we highly recommend taking a look at Samsung monitor deals for nice bargains. Here's one that's available right now: the 32-inch Samsung Odyssey Neo G8 gaming monitor with a $550 discount, which almost halves its original price of $1,300 to only $750. You shouldn't be wasting time though, as the offer may disappear at any moment -- you're going to have to proceed with your purchase immediately in order to secure the savings.

Why you should buy the 32-inch Samsung Odyssey Neo G8 gaming monitor

Read more
This Lenovo ThinkPad is usually $2,059 — today it’s under $1,000
The Lenovo ThinkPad L13 Yoga 2-in-1 laptop in tablet mode.

You can enjoy the best of both worlds between laptop deals and tablet deals if you go for a 2-in-1 laptop like the Lenovo ThinkPad L13 Yoga Gen 4, which is currently on sale from Lenovo itself at 54% off. Its estimated value of $2,059 may seem a bit too high, but in any case, it's a smart purchase at its discounted price of just $931. You'll have to be quick in finishing the purchase process for this device though, as it may be back to its regular price as soon as tomorrow.

Why you should buy the Lenovo ThinkPad L13 Yoga Gen 4 2-in-1 laptop

Read more
‘You can’t lick a badger twice’: How Google’s AI Overview hallucinates idioms
Samples of Google AI Overview errors.

The latest AI trend is a funny one, as a user has discovered that you can plug a made-up phrase into Google and append it with "meaning," then Google's AI Overview feature will hallucinate a meaning for the phrase.

Historian Greg Jenner kicked off the trend with a post on Bluesky in which he asked Google to explain the meaning of "You can't lick a badger twice." AI Overview helpfully explained that this expression means that you can't deceive someone a second time after they've already been tricked once -- which seems like a reasonable explanation, but ignores the fact that this idiom didn't exist before this query went viral.

Read more