Tweet Cloud Computing, Data, Global Markets, Privacy

Privacy Shield: A Strong Framework for Transatlantic Digital Trade

The Privacy Shield agreement has already improved data protection and digital trade between the EU and the US in its first year, and that should continue, writes Victoria A. Espinel.

**This article first appeared on EURACTIV on September 18, 2017.**

The Privacy Shield agreement has already improved data protection and digital trade between the EU and the US in its first year, and that should continue, writes Victoria A. Espinel.

The EU-US Privacy Shield achieves the right balance between data protection and the need for uninterrupted data flows. In its first year, it has already improved protections for the personal data of EU citizens, and provides a foundation for the growth of innovative services on which our economies and job growth greatly rely.

As the Privacy Shield’s first annual review starts Monday (18 September), we should not underestimate the progress that has already been made to strengthen it.

The global economy is more interconnected than ever before. The amount of data being shared around the world has grown 45 times larger since 2005. And we expect an even sharper increase over the next decade, according to a McKinsey report.

Data flows transmit valuable information and underpin the movement of not only services and finance, but also goods and people. Almost every type of transaction today has both a digital and international component and therefore relies on the unhindered and uninterrupted flow of data.

This includes personal data, which always carries a higher level of protections to safeguard privacy. Protecting privacy and allowing data flows are not mutually exclusive – in fact, they are both essential as the EU seeks to reap the benefits of the global data economy.

The Privacy Shield framework successfully balances the two priorities. The agreement improves privacy protections and ensures that data can continue to flow across the Atlantic, supporting the EU-US trillion-euro trade relationship, by far the largest in the world.

It is important to understand how the Privacy Shield improves upon the protections of its predecessor, the “Safe Harbor” Framework. The new framework is the result of intense and constructive negotiations between the European Commission and the US government that ended in summer 2016.

Compared to Safe Harbor, Privacy Shield provides significant enhancements and considerably stronger data protection obligations for companies transferring EU citizens’ data to the United States.

Take commercial practices, for example. The Privacy Shield imposes stricter onward transfer requirements for third-party processing of EU data, and stronger monitoring and enforcement by US authorities. It also gives EU citizens several additional redress possibilities if they think their data has been misused, including the ability to lodge a complaint with the company or their local data protection authority.

Software companies are at the forefront of the digital transformation and are responsible stewards of the data that individual customers and companies across all industries entrust to them. Customer trust is key, and in order to retain it, software companies have placed privacy at the very core of their services.

There are 2,400 companies certified to the Privacy Shield, and they have invested considerable efforts and resources to revise their privacy policies and procedures to correspond to the agreement’s tougher privacy requirements.

These companies have changed internal compliance programs and oversight mechanisms, appointed privacy officers, and amended contracts with third parties that process EU-origin personal data, to name a few. Moreover, companies are taking substantial actions to comply with the EU’s new privacy regime, the General Data Protection Regulation, which will enter into force next year.

These changes complement the US government’s commitments under the agreement, including the establishment of an ombudsperson within the Department of State who will handle EU citizens’ complaints relating to surveillance activities.

The Privacy Shield’s more robust framework provides businesses with the legal certainty they need to continue operating and innovating, a fact reflected in its rapid adoption by companies both large and small, US and European.

Privacy Shield has already attracted a huge amount of companies in its first year: more than half the number of companies that previously certified during the Safe Harbor’s 15 years of operation. Legal certainty is not only important to Privacy Shield-certified companies, but also to their customers.

Victoria Espinel

Author:

Victoria Espinel is a respected authority on the intersection of technology innovation, global markets and public policy. She leads strategic efforts that help shape the technology landscape in 60 countries through work in BSA’s 10 global offices.

Espinel also serves as the President of Software.org: the BSA Foundation. Software.org is an independent and nonpartisan international research organization created to help policymakers and the broader public better understand the impact that software has on our lives, our economy, and our society.

Espinel served for a decade in the White House, for both Republican and Democratic Administrations as President Obama’s advisor on intellectual property and, before that, as the first ever chief US trade negotiator for intellectual property and innovation at USTR. She was also a professor of international trade and intellectual property at the George Mason School of Law.

Espinel is a founding and ongoing co-sponsor of Girls Who Code’s Washington, DC, summer immersion program, which empowers young women to pursue careers in STEM fields. She speaks before audiences around the world to build visibility for the amazing things people can do with software, and encourages businesses, governments, and the public to support a policy environment that will enable even more software breakthroughs.

Espinel chairs the World Economic Forum’s Global Future Council on the Digital Economy and Society. She was appointed by President Obama to serve on the Advisory Committee on Trade Policy and Negotiations (ACTPN), the principal advisory group for the US government on international trade. She holds an LLM from the London School of Economics, a JD from Georgetown University Law School, and a BS in Foreign Service from Georgetown University’s School of Foreign Service. Follow her on Twitter: @victoriaespinel.

Leave a Reply

Your email address will not be published. Required fields are marked *