Do you know who’s looking at your data? If your hosting provider is based outside of the UK, then probably not. Over the last few months there’s been a whole world of confusion over how and what should govern the transfer of data following the demise of Safe Harbour; companies wait impatiently for an update to the new version of the agreement but as fresh info rolls in, it still seems like it’s not doing enough. We’re taking a deeper look at the latest news on the agreement.
Yesterday EU watchdogs, the European Data Protection Authorities, urged for revisions on Privacy Shield; the revised framework that looks after the transfer of data between the EU and, for the most part, the US. And it sounds like they’re still unhappy with how the agreement is proposing to take care of EU citizens’ data when its abroad.
This goes right back to the original version of Privacy Shield – Safe Harbour. In a nutshell, the Safe Harbour agreement was put in place to allow unlimited transfer of data between the EU and the US.
Fifteen years on, many felt that it wasn’t doing a good enough job vetting the data security credentials of US companies so, in October last year, it got the boot. Ever since then the US and EU have been trying to come to an agreement.
Unfortunately, it seems like Privacy Shield just isn’t cutting the mustard as the Article 29 Data Protection Working Party has said it’s still concerned about the possibility of “massive and indiscriminate” bulk collection of EU citizens’ data by the US authorities. Not good.
One of the big problems with the original agreement was that US companies could self-certify that they weren’t doing anything dodgy with our data, and the new version said there would be an ombudsperson checking that this was being held up. However, Chairman of the group, Isabelle Falque-Pierrotin, said: “We believe that we don’t have enough security [or] guarantees in the status of the ombudsperson and in their effective powers to be sure that this is really an independent authority.”
It’s vital that companies know who’s accessing their data, and under what circumstances, so that they can guarantee that their clients’ data, as well as their own, is safe.
Our CEO Lawrence has given his thoughts on the update:
“It’s Safe Harbour dressed up. It’s exactly the same thing except they’ve add an ombudsman, which is pretty useless when you consider it’s under US jurisdiction. I think one of the biggest problems with Safe Harbour, and now with Privacy Shield, is that the American government is able to access companies’ data. So if you’re a business that’s being hosted by an American organisation you’ve got to acknowledge that the American government can access that data whenever they want without a court order.” Read more in Lawrence’s blog!
Who you host with – and where their data centres are – has a huge effect on your data sovereignty. At UKFast all of our wholly owned data centres are UK-based, which means we’re fully compliant with the Data Protection Act.
Download our Privacy Shield whitepaper for the full scoop on the new agreement and how where you hosts affects your data privacy.