In a significant judgement in October 2015, the European Court of Justice (ECJ) ended the Safe-Harbour Privacy Principles. The reason for this was the startling lawsuit brought by the Austrian Maximilian Schrems against Facebook for handing over his data without consent.
Even though the decision has been met with approval from many sides, it doesn’t actually establish more clarity in the discussion about online data privacy. The United States of America, probably afraid of reputational damage or even a negative impact on business for its IT industry, managed to agree on a new treaty with the EU Commission in almost no time. Apparently the US adjusted its course and even gave in to some demands from the Europeans. With the new “EU-US Privacy Shield”, as it is now called, European companies and citizens are to be granted more legal certainty concerning transatlantic data exchanges. To this end, the American Department of Commerce will be watching US companies that handle sensitive data from the EU. According to the committee’s statement, breaches will be punished much more strongly, and there will be an ombudsperson acting independently from federal agencies to ensure that the new rules are enforced and acted upon correctly.
While this new agreement between the EU and US is being communicated as a big success and as progress towards greater data safety, there are still many critical voices, perhaps because it hasn’t even been formulated and written down officially.
Some question its legal status in general, since “the assurances seem to rely exclusively on political commitment, instead of legal acts” (source). Others, like German journalists and privacy groups, claim it to be a shield with many holes and even a sell-out of constitutional rights.
It remains to be seen how the eventual agreement will look once it is written down and passed into law, and whether it will be for the benefit of European consumers or not.
Until then, we recommend that companies and private users stay cautious when storing personal or sensitive data in the cloud, especially when it comes to foreign providers, since they often have to comply with different legal standards.
For companies, the most secure way, and the one that will presumably be most compliant with today’s and future data privacy laws, is to process and store customers’ and other sensitive data on a system run on-site.
Want to find out how Cryptshare can help you keep your company's data secure? Visit one of our webinars.