According to a report from Reuters, Microsoft today agreed to sign up for EU-US Privacy Shield, a new transatlantic commercial data pact that will allow the company to transfer data from EU to US. According to the report, Microsoft also said that it would “resolve any disputes with European privacy watchdogs”.
This new legal framework was agreed by the United States and the European Union in February, a few months after the European Union’s top court broke down the Safe Harbour framework that previously allowed tech companies like Microsoft to easily transfer personal data to the US in compliance with strict EU data transferral rules. “I’m pleased to announce today that Microsoft pledges to sign up for the Privacy Shield, and we will put in place new commitments to advance privacy as this instrument is implemented”, Vice President of EU Government Affairs John Franck wrote in a blog post.
To comply with EU data protection laws, companies which want to transfer personal data to countries deemed with insufficient privacy safeguards (such as the United States since revelations by Edward Snowden on mass U.S. government surveillance program) have to set up complex legal structures or use legal frameworks such as Safe Harbour, which has been repealed in October following a legal challenge.
But as Privacy Shield is currently criticized by various privacy groups for failing to address concerns about U.S. surveillance practices, the European Commission will try to avoid a future court challenge by exhorting companies transferring human resources data to submit to the jurisdiction of European regulators (it will be voluntary for other companies). The Privacy Shield framework will also be enforced by the U.S. Department of Commerce and the U.S. Federal Trade Commission. However, the new transatlantic commercial data pact still has to be endorsed by EU data protection regulators which will reportedly discuss it during a two-day meeting starting tomorrow.
Further reading: Microsoft, privacy shield