Grounded in the Cloud
cancel
Showing results for 
Search instead for 
Did you mean: 

Data Privacy / Sovereignty Update

ChrisSteffen

Earlier this week, I shared some thoughts on data sovereignty and data privacy. I also included that I would provide an update on the topic every once in a blue moon, or when something interesting happens in the news.

Something interesting happened.

DataCloud.jpg

To get everyone up to speed – In October 2015, the European Court of Justice was asked to rule on the adequacy of the Safe Harbor privacy regulations, which were originally accepted by the European Commission in July 2000. After some legal review by various European courts, the European Court of Justice invalidated the Safe Harbor agreement, requiring the European Commission to revisit the regulations between the EU and the United States. In February 2016, the EU and the US had reached an agreement (called the Privacy Shield) to address the concerns that invalidated Safe Harbor. And the world’s biggest companies – directly affected by the Safe Harbor invalidation – breathed a massive sigh of relief.

Fast forward to the present – two months after approving the Privacy Shield, regulators in the EU have come out and stated that the agreement still did not provide adequate privacy guarantees to European Internet users. Specifically, the concerns revolve around how data is stored and used by social media and search companies. The end goal of the European regulators is to have an agreement in place that forces US based companies to treat and protect data much in the same way that it is treated by the EU countries.

So, to summarize from my perspective: The new Privacy Shield between the EU and the US was a step (or maybe even two steps) in the right direction, but close was not close enough. It is back to the negotiation table for the two sides.

The good news is that we (United States) have a very clear understanding of the direction that the EU wants that US regulations to take – mimic the data privacy regulations of Ireland, Germany of some of the other EU members. The bad news is that it will be extremely difficult for the United States to copy and paste those regulations, as there are numerous legal (and arguably Constitutional challenges) that prevent it. Add to the mix the contentious election cycle, and it could be some time before we see resolution on a new set of Safe Harbor / Privacy Shield / data sovereignty regulations.

I will try to update when something new interesting happens in this regard. Stay tuned!

About the Author

ChrisSteffen

Chris Steffen is the Chief Evangelist for HPE Cloud Security. He is part of the HPE Helion team that works to educate and promote information security as it relates to cloud computing solutions. Before joining HPE, Chris spent over 15 years as an IT executive and security practitioner in multiple industries, including financial services, manufacturing and government. He is a noted industry expert, and has multiple technical certifications, including CISSP and CISA. You can follow him on Twitter at @CloudSecChris.

Comments
ChrisSteffen

As if that were not enough, Microsoft announced today that it was suing the US federal government for being prohibited from informing customers when the DOJ seizes cloud related data from their customers.  Here is a great article about it:

http://www.reuters.com/article/us-microsoft-privacy-idUSKCN0XB22U

 

Events
28-30 November
Madrid, Spain
Discover 2017 Madrid
Join us for Hewlett Packard Enterprise Discover 2017 Madrid, taking place 28-30 November at the Feria de Madrid Convention Center
Read more
See posts for dates
Online
HPE Webinars - 2017
Find out about this year's live broadcasts and on-demand webinars.
Read more
View all