Google Adopts New EU-U.S. Privacy Shield Framework

The average small- to medium-sized business owner is often required to act as a jack of all trades, and the trade du jour is data compliance. Every day, 2,500,000,000 gigabytes of data is created; sometimes it’s as innocuous as a selfie after catching up with an estranged friend, but just as often it’s credit card transactions, medical records, or private communications.

In addition to the information security experts working overtime to create sufficient protection protocols, governments around the world have begun drafting legislation to mandate minimum security standards for the protection of private and confidential information held by businesses. Most of the time, just keeping up with these laws on a domestic level is quite difficult, but what happens when these records are transmitted abroad — in most cases to totally different regulatory frameworks?

This is exactly the concern that brought down the EU’s first attempt at an international framework. Because of the U.S. government’s generous legal authority to demand and intercept private information (regardless of origin) in the name of national security, the European Court of Justice was forced to strike down the ‘International Safe Harbor Privacy Principles.’ Releasing an official statement in late 2015, the court stated the principles “compromis[e] the essence of the fundamental right to respect for private life.”

What came next

Our friends across the pond were quick to formulate their answer: The EU-U.S. Privacy Shield Framework (EUPS). Drafted as a collaboration between the U.S. Department of Commerce and European Commission, the goal of EUPS was to create a legal standard for privately-owned businesses whose operations involved the transfer of protected EU-citizen data abroad. On July 12 of this year, the European Commission ratified EUPS and began enforcing it immediately. This means that if your personal data is held by one of the signing companies, that private information will remain governed by EU privacy laws while abroad.

Although Microsoft and Salesforce were early adopters of the framework, Google is arguably the most influential name on the list. In an August 29 post on the Google Apps for Work blog, the company’s head of compliance announced Google’s commitment to both EUPS and the EU Model Contract Clauses that acted as placeholders during the one-year hiatus. His post lauded EUPS as a “significant milestone for the protection of Europeans’ personal data [that] promotes trust in the digital economy.”

A post-EUPS world

Like any compliance framework, the full text of EUPS is a long and complicated affair, mostly outlining the scope of technical requirements and enforcement. There are a few pieces relevant to the average user, however, such as commitments by the US government and signing companies to adhere to strict privacy protocols for EU-citizen data. These commitments must be included in company privacy policies along with a link for submitting complaints about the handling of user data. If a complaint is filed, EUPS requires signed companies to respond within 45 days.

One of the reasons this is so meaningful is that Google isn’t actually legally required to adopt EUPS. Even though the framework is enforced by the International Trade Administration of America’s Department of Commerce, it only applies to those who have joined voluntarily. Despite the elective nature of the agreement, the European Commission is currently reviewing applications from over 500 companies.

SMEs often decry the heavy burden of regulations as unfair to their comparatively low resources, but Google has passionately defended the legal certainty and citizen privacy that will accompany EUPS. As specialists in not only cloud technology but also EU data privacy requirements, Damson Cloud is here to bring those two forces together. Our team works day and night to reduce your organisation’s legal burdens, costs, and downtime with cream-of-the-crop cloud platforms. We trust Google, and you can trust us.

We mentioned that a business owner needs to be a jack of all trades who recognizes those who are masters of one. We are that ‘one.’ With more than 40 years of combined experience in the industry, we confidently assert ourselves as the solution to all your compliance concerns. Regardless of which end of the EUPS your business resides on, contact us today to get the answers you’re looking for.