In 1980, the Organization for Economic Co-operation and Development decided there were 7 principles by which personal data should be protected: Notice, Choice, Onward Transfer, Access, Security, Data Integrity, and Enforcement. In 1995, the European Union enacted the Data Protection Directive, which permitted companies operating in the European Union to send personal data to countries outside of the European Economic Area that abided by the 7 principles. They would only be permitted to send their data to countries that provided sufficient data security.
The Safe Harbour Privacy Principles were created in 2000 to prohibit private EU or US companies from exposing or misplacing private data they acquired. US companies could voluntarily opt into a program and get certified to receive data from the EU. This agreement was valid for 15 years until recently, when a Facebook customer reported that his information was not sufficiently protected. After his complaint was investigated, the Safe Harbour Decision became invalid.
Early last week, the EU agreed to a new deal with the US to allow thousands of businesses to continue exchanging data. Discussions ran for 3 months before this new deal was agreed upon. There is still some skepticism toward the US and its intent to uphold its part in the new pact. In an attempt to address privacy concerns, the new agreement includes “written guarantees by the United States — to be reviewed annually — that American intelligence agencies would not have indiscriminate access to Europeans’ digital data when it is sent across the Atlantic”. Not only will the US have to provide written guarantees, but European agencies can also issue fines to companies they believe are misusing the data they have received.
You can learn about the new deal and read the entire article here.
Also, check out CapLinked’s already compliant virtual data room solution.