Microsoft Supports EU-US Privacy Shield Framework

Microsoft thinks new Safe Harbour 2.0 framework is a “clear framework that ensures key protections of EU citizens”

Microsoft has come out in support of Privacy Shield, the Safe Harbour transatlantic data privacy agreement replacement, calling the new scheme a “step in the right direction”.

Despite criticism of the Privacy Shield framework, which was announced on Monday, Microsoft has said that it will endeavour to implement the new framework and put in place “new commitments” to advance privacy.

“We appreciate that the Privacy Shield creates alternative approaches for addressing and resolving disputes, recognizing that the thousands of companies and organizations that will depend on it are at different stages of maturity, growth, and physical presence in Europe,” wrote John Frank, Microsoft’s vice president of European government affairs.


“Part of Microsoft’s commitment, as the Privacy Shield envisions, will be to respond promptly to any individual complaints we receive. Specifically, we’ll do this within 45 days. In addition, Microsoft will commit to cooperate with EU national Data Protection Authorities and comply with their advice as regards any disputes under the Privacy Shield.”

safe harbourBut reports on Monday suggested that the new data sharing agreement between Europe and the US may not be adequate.

The transatlantic Safe Harbour 2.0 agreement (or EU-US Privacy Shield) was finally agreed in early February to replace the previous Safe Harbour legislation that was ruled invalid by a European court on October 6 last year.

But leaked extracts seem to suggest that key European data regulators have their doubts about the new deal, and will not support it in its current form.

The blog of a lawyer and privacy expert Dr. Carlo Piltz first spotted the leaked PDF extract after the German Data Protection Authorities (DPAs) met to discuss several current privacy topics.

These DPAs provided a hyperlink to a PDF file (since deleted) containing the initial assessment of the agreement by the European Data Protection Authorities (the so called “Article 29 Working Party”).

Back in February the WP29 said they would take a couple of months to examine the new data sharing agreement.

“Until these issues are addressed, the WP29 considers it is not in a position to reach an overall conclusion on the draft adequacy decision,” the extract states.
It stresses that some of the clarifications and concerns – in particular relating to national security – may also impact the viability of the other transfer tools.

“Therefore, the WP29 is not yet in a position to confirm that the current draft adequacy decision does, indeed, ensure a level of protection that is essentially equivalent to that in the EU,” it concludes.

“We’re entering a remarkable period in the history of technology development as cloud computing connects people around the world to advanced capabilities that have the potential to drive economic growth and address some of the world’s most pressing challenges,” said Microsoft.

“But people won’t use technology that they don’t trust. Legal rules that clearly delineate individual rights, ensure transparency in how those rights are protected, and offer due process when people believe their rights have been violated. They provide a foundation for trust that is essential to realizing the full power of these new technologies to drive innovation and advance human progress.

“It took two years of intense negotiation for the European Commission and the U.S. Department of Commerce to hammer out the new Privacy Shield agreement. We appreciate their hard work.”

Take our cloud quiz here!