Grounded in the Cloud

Data Privacy / Sovereignty Update


Earlier this week, I shared some thoughts on data sovereignty and data privacy. I also included that I would provide an update on the topic every once in a blue moon, or when something interesting happens in the news.

Something interesting happened.


To get everyone up to speed – In October 2015, the European Court of Justice was asked to rule on the adequacy of the Safe Harbor privacy regulations, which were originally accepted by the European Commission in July 2000. After some legal review by various European courts, the European Court of Justice invalidated the Safe Harbor agreement, requiring the European Commission to revisit the regulations between the EU and the United States. In February 2016, the EU and the US had reached an agreement (called the Privacy Shield) to address the concerns that invalidated Safe Harbor. And the world’s biggest companies – directly affected by the Safe Harbor invalidation – breathed a massive sigh of relief.

Fast forward to the present – two months after approving the Privacy Shield, regulators in the EU have come out and stated that the agreement still did not provide adequate privacy guarantees to European Internet users. Specifically, the concerns revolve around how data is stored and used by social media and search companies. The end goal of the European regulators is to have an agreement in place that forces US-based companies to treat and protect data in much the same way that it is treated by the EU countries.

So, to summarize from my perspective: The new Privacy Shield between the EU and the US was a step (or maybe even two steps) in the right direction, but close was not close enough. It is back to the negotiation table for the two sides.

The good news is that we (United States) have a very clear understanding of the direction that the EU wants US regulations to take – mimic the data privacy regulations of Ireland, Germany or some of the other EU members. The bad news is that it will be extremely difficult for the United States to copy and paste those regulations, as there are numerous legal (and arguably Constitutional) challenges that prevent it. Add to the mix the contentious election cycle, and it could be some time before we see resolution on a new set of Safe Harbor / Privacy Shield / data sovereignty regulations.

I will try to update when something new and interesting happens in this regard. Stay tuned!

About the Author


Chris Steffen is the Chief Evangelist for HPE Cloud Security. He is part of the HPE Helion team that works to educate and promote information security as it relates to cloud computing solutions. Before joining HPE, Chris spent over 15 years as an IT executive and security practitioner in multiple industries, including financial services, manufacturing and government. He is a noted industry expert, and has multiple technical certifications, including CISSP and CISA. You can follow him on Twitter at @CloudSecChris.


As if that were not enough, Microsoft announced today that it was suing the US federal government for being prohibited from informing customers when the DOJ seizes cloud-related data from their customers. Here is a great article about it:

