Chris Strand comments on Privacy Shield discussions
August 2020 by Chris Strand, Chief Compliance Officer at IntSights
Chris Strand, Chief Compliance Officer at IntSights comment on the US and EU starting discussions on the Privacy Shield data sharing agreement. If you would like to speak to Chris about his comment, please do let me know.
“There are a number of concerns and issues that come to mind when considering the US and EU data sharing agreement (former Privacy Shield agreement) and the drafting of a new agreement that gives equal redress rights to citizens in both the EU/UK and the US.
Top issues that could be considered are how to incorporate many of the various information privacy laws that have come into play since the previous version of Privacy Shield was enacted (i.e. GDPR) and aligning the new version of Privacy Shield to meet the increased rigor and personal data use definitions and rights that they grant. This will be a common threat in other similar data sharing agreements around the globe with the evolution and maturity of many personal data privacy laws. Balancing those evolving rights for EU/UK citizens against the increase in US surveillance practices could be a problem as those practices fail to grant EU citizens adequate rights to challenge the collection of their data. This was the main concern when the original agreement (Safe Harbour) was dismissed by the EU.
Another critical issue is that many business processes and technologies that businesses rely on may become irrelevant or non-compliant. Many businesses in both the EU/UK and the US have relied on the prior Privacy Shield agreement to build their technology stack to a data compliance specification. Considerations on retention, encryption, data loss, storage, intelligence, and erasure/dismissal, may all need to be re-addressed, which will be costly and outside of the grasp of small to medium sized businesses who have been built based on international data sharing.”