BSA President & CEO Victoria Espinel penned the op-ed below that ran earlier today in The Hill. As she notes, today is the first day that companies can certify with the Commerce Department for the Privacy Shield.
Why are data transfers across the Atlantic so important? Cloud computing services and data analytics increasingly depend on the ability to move data across borders. And these services dramatically improve the efficiency and competitiveness of businesses large and small. They also improve our cybersecurity defenses. If data has to stop at national borders, the benefits of cloud computing will be greatly reduced, and the economies on both sides of the Atlantic will suffer as a result.
BSA thanks the US Department of Commerce and the European Commission for their hard work and successful completion of the Privacy Shield.
Privacy Shield Attracts Strong Company Support
August 1 marks the beginning of a more stable and secure era for trans-Atlantic data transfers. That’s the day Privacy Shield, a new agreement between the United States and the European Union, takes effect. And it’s off to a good start, with a number of major companies already announcing that they will join, and many others favorably considering participation in the new framework.
Privacy Shield, completed in July after lengthy negotiations, is the successor to the Safe Harbor Framework, the U.S.-EU agreement that for fifteen years had provided a reliable basis for transfers from Europe of personal data in commercial contexts. Privacy Shield – as its name suggests — offers strengthened privacy protection, including rigorous oversight of company compliance, and greater controls on onward transfers of data to third countries for processing. Companies that pledge to implement its provisions, and live up to their commitments, will be able to freely move personal data from Europe to the United States.
Today’s software companies — and their customers — need this firm legal foundation for moving data across the Atlantic swiftly and efficiently. So companies are carefully studying what the Privacy Shield has to offer, and, in many cases, moving quickly towards qualifying for the new framework. A number of BSA members – Workday, CA Technologies and Microsoft among them — already have announced they will self-certify their participation on or soon after August 1, and are working hard to put into place the enhanced privacy measures that the Privacy Shield requires.
Privacy Shield brings important certainty and stability to the current environment for trans-Atlantic commerce and privacy protection. It’s an important diplomatic achievement, for which the U.S. and EU authorities deserve much credit.
And it comes at the right time, just as another principal method of cross-border data transfers, standard contractual clauses, is facing judicial scrutiny. A suit is now pending in Ireland challenging the legitimacy of such clauses, in a legal dispute that likely will be referred to the European Court of Justice for resolution. BSA has joined the Irish case as a friend of the court, to make sure the economic importance of trans-Atlantic data flows is fully understood.
Privacy Shield thus arrives at a moment when the political and legal environment for trans-Atlantic data transfers still is not entirely settled. That’s exactly why it’s a key step forward for software companies, their customers, and for the data-driven economy.