The transfer of data between the US and Europe has been something of a privacy and security nightmare.
In an attempt to improve privacy protection, the European Commission established the EU-US Privacy Shield "to restore trust in transatlantic data flows" post-Edward Snowden's NSA surveillance revelations, replacing the controversial Safe Harbour arrangement.
Now, Microsoft has announced its support for the principles the framework says that companies will have to abide by. More than this, Vice President for EU Government Affairs at Microsoft, John Frank, says the company will comply with Data Protection Authorities advice in disputes, and cooperate with them on data transfer processes.
Whilst recognising that "no single legal instrument can address for all time all of the privacy issues on both sides of the Atlantic", Microsoft nonetheless says that Privacy Shield is a good starting pointing. The company says that additional steps will be needed to localise the framework, and praises the European Commission and US Department of Commerce for what it describes as having helped create "stronger and pragmatic privacy protection".
In a blog post, Frank says:
As well as announcing that it will sign up for Privacy Shield, Microsoft also says that it will embrace the dispute resolution process. Specifically, Microsoft will respond to any complaints it receives within 45 days. Having complied with Safe Harbour and cooperated with Data Protection Agencies for nearly 15 years, the company says "we believe it makes the most sense for us to continue with this approach and submit disputes to the DPAs under the Privacy Shield".
The Privacy Shield framework also places transparency obligations on companies, and this is something that Microsoft also embraces:
What needs to happen next is to convince more companies and, importantly, individuals that the Privacy Shield agreement is in their best interests.