Today, the European Commission launched the EU–US Privacy Shield with the headline “Stronger protection for transatlantic data flows”. The European Commission press release is here and the reciprocal Remarks by the US Secretary of Commerce are here.
This seems a good time to look at a recent paper by Michael Becker, managing director at Consilio, called Finding a new Safe Harbour: how technology can support data protection compliance.
As its title implies, the paper was written in the period between the invalidation of Safe Harbour by the Schrems decision and today’s (apparent) finalisation of its successor, the Privacy Shield.
I was among those who felt strongly that Safe Harbour was never adequate, on its own, as a means of complying with EU data protection requirements – if mere self-certification to Safe Harbour was the only step you took to meet EU regulations, then you were doing it wrong anyway.
Michael Becker’s paper sets out some of the practical steps which technology offers to ensure compliance. It covers duplicate detection, predictive coding, redaction and automated anonymisation among other things, and serves as a good summary for those thinking seriously about compliance.
Michael Becker rightly refers to the Sedona Conference’s Practical In-House Approaches for Cross-Border Discovery and Data Protection and to the Sedona Conference International Principles on Discovery, Disclosure and Data Protection. Both will need updating (not just because of the Privacy Shield but because of the pending GDPR), but both are authoritative and practical guides to the daily business of transferring data.