EU-U.S. Privacy Shield: Progress for privacy rights

We at Microsoft welcome the new EU-U.S. Privacy Shield decision, which the European Commission is expected to announce on 12 July. It sets a new high standard for the protection of Europeans’ personal data. Microsoft regards privacy as a fundamental right and we believe the Privacy Shield advances this right.

This is an important achievement for the privacy rights of citizens across Europe, and for companies across all industries that rely on international data flows to run their businesses and serve their customers. The successful and rigorous negotiations also demonstrate progress between Europe and the United States on a vital issue for transatlantic coordination. While we rely on different legal frameworks, we share the same privacy values on both sides of the Atlantic.

Safe Harbor fell short of what European data protection rules required, and I believe the Privacy Shield now meets each of those requirements. The Privacy Shield secures Europeans’ right to legal redress, strengthens the role of data protection authorities, introduces an independent oversight body, and it clarifies data collection practices by U.S. security agencies. In addition, it introduces new rules for data retention and onward transfer of data.

Importantly, key Privacy Shield provisions will also be extended to alternative data transfer mechanisms, such as EU Model Clauses.

The Privacy Shield puts data flows between Europe and the U.S. on a solid legal foundation. For me, one of the key points in the decision is the annual review clause. This makes the Privacy Shield a living framework. It can evolve over time, adapting to changes in data practices, technology and privacy laws. Our customers, our vast network of partners in Europe and Microsoft itself will all benefit from a stable legal framework, with flexibility built in. The Privacy Shield ensures that enduring values remain protected at a time when technology changes ever more quickly.

We are grateful to the negotiators of the European Commission and the Department of Commerce, who have worked constructively on this new framework for over two years, starting long before the Court of Justice of the European Union rendered its Safe Harbor decision. They have done outstanding work, showing the commitment and the flexibility required to negotiate a set of detailed documents that reflects European legal requirements, and the American legal system and practices.  And I strongly believe that the lively public debate and suggestions for improvements over recent months have resulted in important enhancements and a stronger Privacy Shield.

As I announced in April, Microsoft is now starting the process of implementing the Privacy Shield requirements and we will sign up to the new framework as soon as possible. We also want to re-emphasize our commitment made in April to cooperate with national Data Protection Authorities across the EU and to comply with their advice regarding any disputes under the Privacy Shield. It is in our interest to ensure that the Privacy Shield will be implemented rapidly and rigorously.

Privacy Shield shows that there is more that unites the U.S. and Europe on data protection than a superficial comparison might suggest. On both sides of the Atlantic, people and policy-makers believe in strong privacy protection. And on both sides of the Atlantic, people and policy-makers want to strike the right balance between privacy and security. The legal frameworks differ, and many nuances exist, but we share common privacy values and goals.


John Frank
Vice President for UN Affairs