Dropbox Receives Privacy Shield Certification For EU-US Data Transfers

Steve McCaskill,

Dropbox says it is protecting the privacy of its customers but is Privacy Shield better than Binding Corporate Rules?

Dropbox has received certification for the new EU-US Privacy Shied data transfer agreement, claiming it is “committed” to protecting the privacy and security of its customers’ information.

Safe Harbour, the previous data sharing agreement between the EU and US, was declared invalid in October last year and had been relied upon by Dropbox and other major US tech firms to operate across the Atlantic.

Privacy Shield was adopted in July after months of negotiations and amendments, following complaints from member states that the original proposals were not strict enough.

Dropbox Privacy Shield

dropbox-privacy“We applied early to be certified under Privacy Shield and are delighted to announce that we have now received certification,” said Philip Lacor, the company’s EMEA vice president. “Protecting our customers’ privacy and keeping data secure is our highest priority.

“We will work hard to maintain our Privacy Shield commitments and look forward to the success of the program. We support the new framework as a means to protect individual privacy while enabling users and businesses to benefit from the free flow of data that is so critical to the global economy.”

Dropbox has added numerous security tools in recent years in its courtship of the business market and earlier this year pledged to store European customers’ data in Amazon Web Services (AWS) data centres in Germany.

The cloud storage firm has faced numerous accusations about its attitude towards privacy, most notably from Edward Snowden. Dropbox rejects such claims, promising users their data is secure.

Box, one of Dropbox’s biggest rivals, has been less vocal of its support for Privacy Shield and has instead adopted Binding Corporate Rules (BCRs) to protect the data of its customers and employees.

BCRs are company-specific, as opposed to the general regulations of Safe Harbor and Privacy Shield, and are deemed to be the EU’s highest possible data protection standard.

Dropbox told TechWeekEurope it was fully committed to its customers’ privacy.

“There are a number of valid legal mechanisms for transferring personal data between Europe and the US,” a spokesperson said. “Dropbox is certified under Privacy Shield and, in addition to this, we will continue to offer other legal mechanisms such as Model Contract Clauses (clauses based on EU guidance that are inserted into our contracts with customers to assist compliance with European privacy laws).”

Quiz: The Cloud in 2016!