In an age where people use countless resources to document, record and share their personal experiences every day across various online accounts, the terms in which personal privacy should be taken into account are always evolving. While the internet remains a bastion of open choice, the data shared across it is increasingly being compiled and redistributed by a shrinking number of internet and cloud-connected superpowers.
Microsoft, which deals with data privacy internationally and domestically, recently opened up about the recent collapse of a 15-year US-EU Safe Harbor agreement. Microsoft also offers its proposal for solving the new privacy conundrum that the invalidation of the US-EU Safe Harbor agreement causes.
The decision made clear what many have been advocating for some time: Legal rules that were written at the dawn of the personal computer are no longer adequate for an era with ubiquitous mobile devices connected to the cloud. In both the United States and Europe, we need new laws adapted to a new technological world.
As for how Microsoft would like to handle the change, the company is proposing a shift in advocating that privacy is fundamental human right, advocating a need for a global Internet, keeping the public safe online. Microsoft’s recent legal issues regarding its policies over data between the US and Ireland helps encapsulate the overall privacy discussion. As the U.S. Supreme Court ruled that police must obtain judicial warrants prior to searching the contents of a phone lat year, it stated its decision was based on a phone containing a broad array of private information. More specifically, smartphones, hold for many Americans ‘the privacies of life.’
The same should apply to companies that harbor the personal data of its users.
In practical terms, these revelations mean that European policymakers now need to assess anew whether European citizens continue to have privacy protection that is “essentially equivalent” to the rights that apply at home after their personal information crosses the Atlantic. If they do not, then, the Safe Harbor put together at the turn of the century cannot be resuscitated without new changes. What this really means, as is now clear to officials on both sides of the Atlantic, is that the old harbor needs to be replaced by something better.
[pullquote align="full" cite="" link="" color="" class="" size=""]"privacy is fundamental human right that spans regional borders and is applied to individuals regardless of where they are"[/pullquote]
Microsoft’s four-point proposal starts with ensuring that people across the Atlantic have the legal rights to move their data. This speaks to the idea that privacy is fundamental human right that spans regional borders and is applied to individuals regardless of where they are.
This is a straightforward proposition that would require, for example, that the U.S. government agree that it will only demand access to personal information that is stored in the United States and belongs to an EU national in a manner that conforms with EU law, and vice versa.
Secondly, Microsoft wants the requirement of a new trans-Atlantic agreement both a safe harbor and a new type of connection between ports. What this means is that there is a streamlined process for government bodies on both sides of the Atlantic to access online personal information. More to the point, Microsoft is encouraging lawful request that can be reviewed and only seek information within the limits of its governmental laws.
This would ensure precisely that, because their own governments would continue to apply their own law. And because this process would work in both directions when American data is moved to Europe, American citizens would continue to be protected by U.S. law and the principles in the U.S. Constitution.
The third pillar to Microsoft’s proposal has to do with an exception for citizens who physically move across the Atlantic. Governmental bodies should be able to request from its courts to the ability to snag data from current citizens traveling abroad on either coast.
For example, the U.S. government should be permitted to turn solely to its own courts under U.S. law to obtain data about EU citizens that move to the United States, and the same is true for a European government when U.S. citizens reside there.
The practicality of this proposal is already consistent with the long-standing principles already in place for physical jurisdiction.
Microsoft’s last proposal addresses the nuances of international business who now deal with information stored in the cloud.
"It makes sense, except in the most limited circumstances, for governments on both sides of the Atlantic to agree that they will seek to access the content of a legitimate business only by means of service on that business, even when it is stored in the cloud.
Combined, Microsoft likens its four-pronged approach to a privacy Rubik’s Cube. The complexities of privacy, borders, legality and rights all need to be worked on simultaneously before a clearer picture can be established.