14 April 2016
When your business relies on data, how do you know that that data is safe?
Rules, regulations and best practice? What about when those regulations fall down?
That’s what happened with Safe Harbour a few months back; the EU ruled that it just wasn’t protecting the transfer of EU citizens’ data to outside of the EU well enough.
Of course, a new, shinier, 2.0 version of the regulation was promised; protecting data transfer like never before. But, what did we get? Privacy Shield.
In my opinion, it’s just Safe Harbour dressed up. It’s exactly the same thing except they’ve added an ombudsman, which is pretty useless when you consider that that’s still going to be under US jurisdiction.
One of the biggest problems with Safe Harbour, and now with Privacy Shield, is that the American government is able to access companies’ data. That means that if you’re a business being hosted by an American organisation, you’ve got to acknowledge that the US government can access that data whenever they want without a court order.
It’s very different from being in Britain where we as a data centre provider would not give away anyone’s personal data to the government or to anybody, until the police turn up with a judicial warrant and ask to take away the data of someone who’s done something very wrong.
We know that that court order means that there has been a due process and we’re comfortable with that. It removes the risk of people snooping or of untrustworthy behaviour.
Do they think we are just going to roll over and look at the new name – ‘Privacy Shield’ – and forget the issues that existed before? New branding is not going to distract anyone from the main issue.
Whilst Microsoft has openly backed Privacy Shield recently, it is clear why they want to get behind it; they’ve been losing business over concerns about these legal issues and about data privacy and security for their clients. They have tried to counter this by committing to building UK data centres in the future but it makes no difference, it’s rhetoric; they’re still under the control of the US government if they want to access that data.
In their defence, however, they have their hands tied by the US government who want to be above EU law. How’s the US government ever going to concede to the EU? Since 9/11 they’ve had overall access and that’s fine if you can trust all US people but sadly that’s not how the world operates. In all honesty, I worry what the case will be once this Muppet Show of a presidential election is over! Can you imagine if Donald Trump and Boris Johnson were ever in charge of anything like this?
The US government would do well to adopt a system like ours, but what we don’t want is for the UK to follow suit and adopt the Snoopers’ Charter. We’ve got a good reputation globally and we want to retain that.
In my opinion the simple answer is to buy British. It keeps the pound in Britain and there are enough great providers over here. Privacy Shield is a tiny bandage for a big issue.
What do you think? Does Privacy Shield go far enough? Are you concerned about the safety of your data?