International data transmissions have always been fraught with issues, mainly concerns over privacy and security. To address these issues, the European Union and United States introduced a blanket set of laws dubbed “Safe Harbor”. Not too long ago, however, Safe Harbor was struck down amid growing concerns of its inadequacy to protect data in the face of revelations made by former National Security Agency contractor Edward Snowden. Lawmakers on both sides were given until February 2nd to get a new system ready to put in place. A proposal was written up and talked over, but only now are the real fruits of the agreement coming to bear in the form of the joint unveiling of Privacy Shield by the U.S. and the EU.
Privacy Shield is not intended as an in-place replacement for Safe Harbor, or a continuance or refinement of it. Rather, the new law is set to be a new deal entirely. At its core, the new law dictates that data traveling internationally can, at the discretion of the data’s originator, be subject to the laws of its homeland or the laws of its destination. For instance, a Facebook user in Ireland may have their data travel to EU servers, then again to California for Facebook’s home database to store and analyze it. All the while, the data could fall under Irish, American or European law at Facebook’s discretion. A related notice is also required to be served to individuals under this law. On top of all that, data that goes from a Privacy Shield participant to a third party must be subject to applicable terms that limit the use and transmission of the data to an express purpose laid out by the data originator that is subject to applicable privacy laws. Other major tenets include a yearly renewal of participants’ agreements, cost-free recourse for wronged individuals and an agreement that data handled under Privacy Shield regulations must continue to be handled according to those rules if the participant leaves the program.
The new law will require minimal changes and maintenance for participants in comparison to most alternatives, especially letting the law framework collapse and allowing individuals, countries, agencies and businesses to all duke it out over legal and logical uses of individuals’ data. The new law set is being taken seriously from the get go, with the introduction letter including a clause that says, for all intents and purposes, any accusations or evidence of falsified participation in Privacy Shield will be deeply investigated. Whether this new set of laws will be enough to provide adequate data protection is yet unknown, but it’s very clear that the new set of laws is handily able to take the place of Safe Harbor, albeit while changing the game a bit.