As a global entity trafficking in international data, Microsoft’s adherence to privacy and security are further underscored by the many certifications, compliance standards, and security measures the company seeks and implements into its software and services. As of Monday, September 26, 2016, Microsoft added yet another protection measure by joining the apparently controversial US-EU Privacy Shield data transfer agreement.
Microsoft’s addition in the collation to securely transmit data in a global economy comes just days after cloud storage competitors Dropbox and Google (among others) also adopted the Privacy Shield agreement. As a bit of a refresher, the US-EU Privacy Shield data transfer agreement is essentially a safeguard against US authorities accessing data from European consumers while also creating a framework of legalities for European customers who feel their data has been mishandled to unjustly exposed.
Info Security quotes Azure senior director Alice Rison as saying:
Adherence to this framework underscores the importance and priority we at Microsoft put on privacy, compliance, security, and protection of customer data around the globe.
With many of the heavy hitters in transcontinental cloud data trafficking all supporting the new Privacy Shield framework, logic would dictate that the new agreement would be a slam dunk in consumer appeal. However, the EU-US Privacy Shield still retains a fair share of criticism and public scrutiny despite its best efforts to protect global data traffic.
The major criticism of Privacy Shield is that it’s not as stringent as companies would lead consumers to believe. Rather than an official body certifying standards under a transparent process, the companies who opt to participate in the agreement provide their own self-certifications, leaving the level of security an uncertain landscape.
Additional concerns regarding Privacy Shield have cropped up about its ability to withstand future scrutiny by determined legal entities. Without a systemic overhaul of privacy legislation in the EU and particularly in the US, consumer data protected by Privacy Shield may still be subject to “indiscriminate surveillance,” leaving many without any recourse under the new agreement standards.
According to Tomaso Falchetta, the legal officer at Privacy International in an email addressing this very issue:
In short: new ‘Shield’, old problems. Given the flawed premises of trying to fix data protection deficit in the US by means of governments assurances as opposed to meaningful legislative reform – it is not surprising that the new Privacy Shield remains full of holes and hence offers limited protection to personal data.
Despite the poignant criticism of Privacy Shield, what limited protections it does offer should still be a welcomed ‘first-step’ into securing user data while Microsoft and others push for stronger measures. Let us know in the comments if you think the Privacy Shield will have a positive or negative impact on privacy.