Microsoft this morning announced its support for the EU-U.S. Privacy Shield, which is designed to safeguard privacy as data is electronically transferred between the two jurisdictions. Put simply, the framework would require that these data protections will be identical to those within the EU.
“At Microsoft we believe that privacy is a fundamental human right,” Microsoft vice president of EU government affairs John Frank writes ina new post to the software giant’s EU Policy Blog. “In a time when business and communications increasingly depend on the transmission of personal data across borders, no one should give up their privacy rights simply because their information is stored in electronic form or their technology service provider transfers it to another country … we believe wholeheartedly that the Privacy Shield represents an effective framework and should be approved.”
The European Commission and the United States agreed on the terms of the EU-U.S. Privacy Shield framework in February after two years of negotiations. It is designed to replace an earlier but vaguer agreement, called Safe Harbor, which the European Court of Justice ruled in October 2015 was no longer adequate to protect personal privacy in the post-Snowden world. But it will need to be accepted by various European governments and data protection authorities first.
Under the terms of the agreement, U.S.-based tech firms like Microsoft and Google would need to adopt stricter personal privacy protections that are afforded to EU citizens. But it also allows U.S. law enforcement to access personal data “under clear conditions, limitations and oversight, preventing generalized access.”
This bit is particularly important to Microsoft. As you may recall, the software giant is engaged in a long-running legal battle in which the U.S. government wishes to gain access to EU-hosted data belonging to a smuggling suspect. Microsoft has argued that the U.S. has no jurisdiction over this data, and that the request is thus illegal.
“People won’t use technology that they don’t trust,” Mr. Frank notes. “Legal rules that clearly delineate individual rights, ensure transparency in how those rights are protected, and offer due process when people believe their rights have been violated. They provide a foundation for trust that is essential to realizing the full power of these new technologies to drive innovation and advance human progress.”
For its part, the U.S. government has said it will not engage in “indiscriminate mass surveillance” of EU citizens, though in some extreme cases—terrorism, for example—mass surveillance would in fact be allowed when a more targeted form of surveillance is not possible.
“The European Commission and U.S. Department of Commerce deserve credit for addressing complicated legal issues in ways that create stronger and pragmatic privacy protection for European citizens while enabling the continued movement of data that is the lifeblood of our economies,” Mr. Frank writes. “The European Union and the United States are better off with this new Privacy Shield.”
Unfortunately, the EU-U.S. Privacy Shield agreement will likely face blistering legal attacks before it is made law. In Europe, a privacy group called the Article 29 Working Party said it would challenge any agreement which did not ensure EU-level privacy controls on U.S companies. And here in the U.S., many tech companies are lobbying against the framework.
Well, Microsoft—a company that doesn’t get enough kudos for its transparent approach to privacy—is not among them.
“By providing a clear framework that ensures key protections of EU citizens continue when data is transferred to the United States, the Privacy Shield framework is an important step in enhancing trust in the global digital economy, and we hope that it will be approved as negotiated,” Mr. Frank concludes.