US software giant Microsoft, which has substantial software and data centre infrastructure in Ireland, has become the first US multinational to endorse the EU-US Privacy Shield, the successor to Safe Harbour, potentially ending months of data hanging in legal limbo.
Microsoft legal counsel John Frank, vice-president of EU Government Affairs, said that the software giant will sign up to the EU-US Privacy Shield.
Privacy Shield is the new framework agreed by Europe and the US to fill the void left by the striking down of Safe Harbour.
Safe Harbour was abandoned after a high-profile case by Austrian data activist Max Schrems exposed shortcomings in how tech firms protected EU citizens’ private information. The case was compounded by further revelations by former NSA contractor Edward Snowden about the modus operandi of US and UK intelligence agencies.
In October, the European Court of Justice declared Safe Harbour invalid.
‘We continue to believe today that additional steps will be needed to build upon the Privacy Shield after it is adopted’
– JOHN FRANK, MICROSOFT
This was followed by a new structure called the EU-US Privacy Shield, which on the surface aims to protect European citizens’ private data from mass surveillance.
But, since October, the $260bn transatlantic digital industry has been in legal limbo until companies themselves stepped up to the plate and agreed to toe the line with Privacy Shield.
Microsoft believes Privacy Shield will protect EU and US citizens’ privacy
Now Microsoft has become the first of the US multinationals with a substantial European presence to ratify the new framework.
Frank, who up until last year was responsible for Microsoft’s law enforcement and national security matters at the company’s headquarters in Redmond, said that Microsoft believes privacy is a fundamental human right.
“In a time when business and communications increasingly depend on the transmission of personal data across borders, no one should give up their privacy rights simply because their information is stored in electronic form or their technology service provider transfers it to another country,” he said in a blog post.
Frank said that the tech giant believes Privacy Shield represents an effective framework and should be approved.
“As a company, we’ve also said since last fall that no single legal instrument can address for all time all of the privacy issues on both sides of the Atlantic.
“We continue to believe today that additional steps will be needed to build upon the Privacy Shield after it is adopted, ranging from additional domestic legislation to modernisation of mutual legal assistance treaties and new bilateral and ultimately multilateral agreements.
“But we believe that the Privacy Shield as negotiated provides a strong foundation on which to build.”
Frank said that Microsoft pledges to sign up for the Privacy Shield and will put in place new commitments to advance privacy as the instrument is implemented.
He said that this will involve responding promptly to individual complaints within 45 days and cooperating with EU national data protection authorities.
“We also welcome the obligations in the Privacy Shield for transparency about government requests of access to personal information.
“As a company, we have advocated for greater US transparency.”
In 2013, Microsoft and other US tech companies successfully challenged the US government over its constitutional right to disclose more detailed information about the government’s demands for data.
Frank pointed to the lawsuit Microsoft took against the US government after it tried to force the company to disclose email stored in its data centre in Ireland.
“In this area, as in others, we believe the Privacy Shield represents an important step in the right direction.”
Microsoft main image via Shutterstock