The Privacy Shield works

The EU-U.S. Privacy Shield’s first annual review begins today in Washington DC and it’s worth recognizing the value of having a review process. The previous Safe Harbor Agreement failed in large part because it wasn’t reviewed in light of changing circumstances, such as the Snowden disclosures.

At Microsoft, we believe the Privacy Shield has contributed to stronger privacy protections for Europeans since its adoption. And the Annual Review process, like all deadlines, has focused the new U.S. Administration’s efforts at taking steps to fulfil its commitments under that Privacy Shield. In the run-up to this week’s meeting, the Administration has made key appointments, including sixteen highly qualified professionals to serve as Privacy Shield arbitrators for European citizens who raise complaints. And the seats on the Privacy and Civil Liberties Oversight Board are being filled. In the change of U.S. Administration, the Privacy Shield remains a bipartisan project, and the Department of Commerce led by Secretary Wilbur Ross has continued the work begun under the leadership of Secretary Penny Pritzker.

The tough negotiations leading to the Privacy Shield were successful precisely because they were challenging and thorough. They were built on a stronger foundation: Deeper understanding on both sides about the other’s privacy laws and legal protections. And the review process can be expected to include some tough discussions about select issues where more progress would be welcomed. It will be more productive to focus on making progress, rather than insisting on perfection.

Microsoft became one of the first companies certified under the Privacy Shield in 2016. Today, around 2500 companies have gone through the detailed certification process, which helps to ensure that Europeans’ data remains protected and their privacy is respected when data is sent to the United States.

The processes we implemented at Microsoft to comply with the Privacy Shield are now being tested by our customers. We have been able to resolve the inquiries that Microsoft has received under the Privacy Shield rules directly with the inquiring individuals and companies, and we did so well within the 45-day deadline. When dealing with Privacy Shield requests, we found that the big investments we are making in GDPR compliance helped enable us to prepare our responses more quickly and efficiently. This summer, we provided written responses to the European Commission’s request for information about companies’ experiences under the Privacy Shield, and we are participating today in one of the review sessions in Washington DC to present our experiences and respond to questions.

As our economy and personal lives continue to be enhanced and challenged by new technologies, we at Microsoft have focused on how privacy and security laws can best serve our customers. We advocate in Europe and U.S. for privacy protections that enable technology to advance in socially responsible paths. We are supporting legislative initiatives, and we are challenging governments in court on points, that we consider important to advance the rule of law and our customers’ important interests in our era of cloud computing.

Related blogs:
Microsoft signs up for Privacy Shield
EU-U.S. Privacy Shield: Progress for privacy rights
Microsoft’s commitments, including DPA cooperation, under the EU-U.S. Privacy Shield

Tags: ,

John Frank
Vice President for UN Affairs

John Frank is Vice President for UN Affairs at Microsoft. In this role, John and his team are focused on advancing multistakeholder solutions towards a more accessible and equitable digital environment and a healthier planet, and opportunities for computer and data sciences to help the UN and its agencies to achieve more.  The team works from New York, Geneva, and Seattle. Previously, John led Microsoft’s European government affairs teams in Brussels and European national capitals on EU issues, especially legal frameworks for cloud computing in areas such as cybersecurity, AI ethics, lawful access and privacy. From 2002 to 2015 he served as Deputy General Counsel and Chief of Staff for Microsoft President Brad Smith, based at Microsoft’s corporate headquarters in Redmond, Washington. In this role, he led the digital trust and security group, including the law enforcement and national security team, the digital crimes unit, the industry affairs group and the competition law, privacy and government contract compliance teams.  From 1996 to 2002, John led Microsoft’s legal and corporate affairs group for Europe, the Middle East and Africa, based in Paris. Prior to joining Microsoft, John practiced law in San Francisco with Skadden, Arps, Slate, Meagher & Flom. John received his AB degree from the Princeton University School of Public and International Affairs and his JD from Columbia Law School.