Since the end of Safe Harbour European companies no longer have any kind of legal secuirty when they use US-based cloud services. The planned Privacy Shield Agreement between Europe and the US will not bring any change to that.
As the European Court overturned the Safe Harbor agreement in October, which was not only a victory for privacy advocates Max Schrems – it took the US and Europe in the obligation to create a new legal framework for the exchange of data.
This is now in draft form and is named “Privacy Shield“.
Privacy Shield is based on three components. First, strict requirements with respect to the processing of personal data of EU citizens are to be implemented. Secondly, there should be clear rules and transparency when the United States access this data. Thirdly, the rights of EU citizens will be better protected by various appeals.
But for now Privacy Shield is no more than an initial design. On April 12 and 13 the so-called Article 29 Working Party, which contains representatives of the EU member states, will gather and determine whether the agreement with the US is protecting digital privacy and therefore guarantee legal compliance in data processing. And even that won’t be a final decision.
Fact: Someone who uses American cloud services and thus transmits partly personal data such as names, addresses, telephone numbers or e-mail in the United States, currently only has access to two instruments which offer reasonably legal compliance in this transitional period; So-called standard contractual clauses (“Model Contracts” or “Standard contractual clauses”) and binding corporate data protection rules.
However, if you are looking for genuine legal compliance, you should look by US services and to seek an alternative in Europe. Only data in local data centers in European or Swiss jurisdiction guarantee long term security.
You better don’t wait for Privacy Shield: The Austrian lawyer Max Schrems, who had brought almost single-handedly the old Agreement Safe Harbor before the European Court on the case, sees only cosmetic improvements and is already ready with other data protection to prevent it.