Microsoft has become one of the first major US tech companies to confirm its support of the EU-US Privacy Shield, the successor of the now defunct Safe Harbour Agreement.
Data transfer between the EU and the US has been on relative shaky legal grounds over recent months, as between the EU striking down the Safe Harbour Agreement and introducing the EU-US Privacy there has not been an official framework. While Microsoft has publicly stated its approval of the agreement, it does not believe that it goes far enough.
“We recognize that privacy rights need to have effective remedies. We have reviewed the Privacy Shield documentation in detail, and we believe wholeheartedly that it represents an effective framework and should be approved,” said John Frank, Vice President EU Government Affairs at Microsoft, on his blog.
“We continue to believe today that additional steps will be needed to build upon the Privacy Shield after it is adopted, ranging from additional domestic legislation to modernization of mutual legal assistance treaties and new bilateral and ultimately multilateral agreements,” said Frank. “But we believe that the Privacy Shield as negotiated provides a strong foundation on which to build.”
Back in October, the European Court of Justice decided that Safe Harbour did not give data transfers between Europe and the US adequate protection, and declared the agreement which had been in place since 2000 void. The EU-US Privacy Shield, Safe Harbour’s successor, has also come under criticism in recent weeks as concerns have been raised to how much protection the reformed regulations protect European parties.
While Microsoft does appear happy with the new agreement, there have been industry commentators who have outlined their own concerns. Privacy activist Max Schrems, who has been linked to the initial downfall of Safe Harbour, said in a statement reacting to Privacy Shield, “Basically, the US openly confirms that it violates EU fundamental rights in at least six cases.” Others to react negatively are German MP Jan Philipp Albrecht who commented on twitter, “This is just a joke. @EU_Commission sells out EU fundamental rights and puts itself at risk to be lectured by CJEU again”, as well as whistle blower Edward Snowden who said, “It’s not a “Privacy Shield”, it’s an accountability shield. Never seen a policy agreement so heavily criticized.”
As part of the announcement, Microsoft has also committed to responding to any complaints about its participation in Privacy Shield within 45 days.