In a post on the Microsoft European Union (EU) Policy blog, Microsoft Vice President for EU Government Affairs, John Frank, applauded the new EU-US Privacy Shield decision. Microsoft believes that privacy is a fundamental right, and the new EU-US Privacy Shield decision sets a new standard for protecting Europeans’ personal data.
Frank notes what the Privacy Shield will do for Microsoft in the on both sides of the Atlantic:
"This is an important achievement for the privacy rights of citizens across Europe, and for companies across all industries that rely on international data flows to run their businesses and serve their customers. The successful and rigorous negotiations also demonstrate progress between Europe and the United States on a vital issue for transatlantic coordination. While we rely on different legal frameworks, we share the same privacy values on both sides of the Atlantic.
I believe the Privacy Shield now meets each of those requirements. The Privacy Shield secures Europeans’ right to legal redress, strengthens the role of data protection authorities, introduces an independent oversight body, and it clarifies data collection practices by U.S. security agencies. In addition, it introduces new rules for data retention and onward transfer of data. Importantly, key Privacy Shield provisions will also be extended to alternative data transfer mechanisms, such as EU Model Clauses.
The Privacy Shield puts data flows between Europe and the U.S. on a solid legal foundation. For me, one of the key points in the decision is the annual review clause. This makes the Privacy Shield a living framework. It can evolve over time, adapting to changes in data practices, technology and privacy laws. Our customers, our vast network of partners in Europe and Microsoft itself will all benefit from a stable legal framework, with flexibility built in. The Privacy Shield ensures that enduring values remain protected at a time when technology changes ever more quickly."
Previously announced in April 2016, Microsoft will now start to put the Privacy Shield requirements into effect.