Skip to main content

Privacy Shield data protection program now has a new member: Microsoft

microsoft shutting down docs com document sharing service ifa 2015
This week during the Ignite 2016 conference in Atlanta, Microsoft said that it is the first global cloud service provider to appear on the Privacy Shield list. That means the personal data Microsoft transfers across the Atlantic must abide by the European Union (EU) data protection requirements. The Privacy Shield framework went into effect on July 12, and replaces the older mechanism used to transfer data between the EU, Switzerland, and the United States.

“The EU-U.S. Privacy Shield Framework was designed by the U.S. Department of Commerce and European Commission to provide companies on both sides of the Atlantic with a mechanism to comply with EU data protection requirements when transferring personal data from the European Union to the United States in support of transatlantic commerce,” the Privacy Shield site states.

The previous platform used to transfer data was called the International Safe Harbor Privacy Principles. These were created by the U.S. Department of Commerce, the EU, and the Federal Data Protection and Information Commissioner of Switzerland in 2000 to protect the personal data of EU/Swiss citizens passed to and from the United States.

Safe Harbor was based on seven principles: notice, choice, onward transfer, security, data integrity, access, and enforcement. Essentially, individuals must be notified if their data is collected, and they must have an option to opt out of the collection process. Data transfer must adhere to certain standards, data must be secured, data must be reliable and relevant, and data must be accessible by the owner. All of this must be enforced in the process.

However, Safe Harbor was overturned by the European Court of Justice in October 2015. The decision led to consumer complaints about the protection of their data, which then ignited new talks between the EU and U.S. authorities to establish a new foundation. That’s where the new Privacy Shield platform begins.

“Microsoft’s participation in the Privacy Shield applies to all personal data that is subject to the Microsoft Privacy Statement and is received from the European Union, European Economic Area, and Switzerland,” Microsoft states. “Microsoft will comply with the Privacy Shield Principles in respect of such personal data. Microsoft also maintains an affirmative commitment to the U.S.-Swiss Safe Harbor Framework and its principles, which will not be affected by our participation in the Privacy Shield.”

Companies wanting to jump on the Privacy Shield bandwagon must meet specific requirements. They must inform individuals about data processing, provide free and accessible dispute resolutions, cooperate with the Department of Commerce, maintain data integrity and purpose limitation, and ensure accountability for data transferred to third parties. Transparency related to enforcement actions is required as well along with a commitment to protect data as long as the data is held.

The Privacy Shield program is administered by the International Trade Administration (ITA), which is part of the U.S. Department of Commerce. In order for American companies to join, they need to publicly agree to the platform’s principles and self-certify to the Department of Commerce. Joining the Privacy Shield platform is completely voluntary.

In addition to Microsoft, Dropbox has also jumped under the Privacy Shield umbrella. The cloud-based storage company received Privacy Shield certification on September 23, which will expire a year from that date. Dropbox also said that it is one of the first major cloud service providers to achieve the ISO 27018 certification, a standard for cloud and privacy data protection honored around the globe.

Editors' Recommendations

Kevin Parrish
Former Digital Trends Contributor
Kevin started taking PCs apart in the 90s when Quake was on the way and his PC lacked the required components. Since then…
Max Schrems warns Privacy Shield deal between U.S. and Europe will fail
privacy shield max schrems

Max Schrems, the Austrian privacy advocate and thorn in the side of tech companies, has stated that the newly-passed Privacy Shield will likely fail.

Privacy Shield is a new agreement between the U.S. and the EU that allows for legally protected data transfers across the Atlantic. It was officially passed by a vote last Friday and is expected to be formally announced tomorrow. It replaces the old agreement Safe Harbor, which was ruled invalid last year by the European Court of Justice in a case taken by Schrems.

Read more
New EU-US data transfer agreement, 'Privacy Shield,' is made official
European Court of Justice

Privacy Shield, the much-debated data transfer agreement that will replace Safe Harbor, has been approved by the European Union.

The 28 member states of the EU approved the data transfer deal today following extensive debate and some controversy over the protections it provided to EU citizens’ data when transferred to the U.S. Under the terms of the new deal, Privacy Shield will be reviewed on an annual basis.

Read more
Where is sensitive cloud data physically stored? Many EU companies have no idea
Google Data Center

So where exactly is your data stored in the cloud? We’re not talking about services like Google Drive and Microsoft OneDrive, but where all this stuff is physically (or magnetically) located around the world. On a personal level, many consumers don’t even think about where their valuable data is residing, but for businesses, knowing the physical location could be vital information for easing the worries of many customers.

The question about where cloud-based data is physically located stems from a recent survey conducted by UKFast. The company surveyed IT “decision makers” within more than 300 EU businesses to find out if they knew where their data was stored on a geographical level. Unsurprisingly, 47-percent of these individuals had no clue regarding the whereabouts of this data.

Read more