In 1998, the European Union, United States, and Switzerland entered an agreement called Safe Harbor, which was enacted to assure that the data collected, stored, and used by businesses within and among these nations would be kept to a mutually agreed-upon standard of privacy. In October of 2015, a judge for the European Court of Justice struck down Safe Harbor, largely in response to the United States government’s spying habits, made legal by the Patriot Act (enacted following the terrorist attacks on 9/11).
Privacy Shield to Replace Safe Harbor
In response, the EU and US set about drafting a replacement policy, under which US and EU businesses could work together in endeavors that require the sharing of data on private citizens. For example, businesses need a legal umbrella and guidelines under which to utilize offshore cloud service providers, data collection and processing services, etc. The resulting policy is called Privacy Shield, and though certain aspects of the new agreement have yet to be ironed out, the EU is behaving as if it is law.
The Privacy Arena: U.S. Versus the World
While Europe has led the way in terms of data privacy and protection for its citizens, almost all developed nations are considering legislation, both about handling citizens’ data within their borders and about sharing such data globally. Macau, Hong Kong, South Korea, Germany, the United Kingdom, Belgium, Spain, and Austria are just a few of the countries in which data privacy has made legal headlines. Under the European Data Protection Directive, enacted in 1995, only ten countries are deemed able and willing to adequately protect the data of European citizens. (Those are Argentina, Switzerland, Israel, New Zealand, Uruguay, Andorra, Guernsey, the Isle of Man, the Faroe Islands, and Jersey, and, on a limited basis, Canada and Australia as well.)
Laws Passed in the 1990s Have Little Relevance Today
Unfortunately, US businesses have a lot going against them. In a survey of 20 industrialized nations, the US was named the least trusted in terms of data privacy and security, and was noted as the most likely to gain unauthorized access to sensitive personal information on citizens. This isn’t helped by the fact that many of the privacy and data security laws in the US were enacted back in the 1990s, when mobile, big data, cloud computing and storage, and other such technologies were either not on the scene or were still in their embryonic stages.
That means that US businesses must act on their own, regardless of any federal or international policies to govern their actions. Both President Obama and Prime Minister Cameron have been outspoken about privacy laws and regulations, but both are bent more toward allowing more government access to data on private citizens, not less. In the aftermath of a long and gruesome series of acts of terror around the world, it’s becoming difficult to argue against allowing law enforcement agents to track perpetrators of violence and stop them before they inflict more human casualties. As always, it becomes a matter of security versus privacy, with privacy often losing out to the safety of our loved ones.
Protecting Your Business in the Era of Data Privacy
So, where does that leave businesses like cloud service and storage providers, cloud backup and disaster recovery services, data controlling businesses, data processing businesses, etc.? While everyone still must abide by Privacy Shield and other in-force laws and policies, businesses should also go the extra mile to assure data privacy, even when it isn’t mandated by law. In the end, most situations will be handled legally on a case-by-case basis, meaning if your company is doing everything right, you will inevitably be in the clear, no matter what laws they pass or strike down.
When it comes to cloud storage and data processing, nobody has more international expertise or data security and protection than Bigstep. Learn more about us and how we can keep you out of the hot waters of global data privacy today.