Monday, 20 February 2017

The EU-US Privacy Shield and Email Hippo

What is the EU-U.S. Privacy Shield? 

This is a Privacy Shield explanation for readers who don't want to get bogged down in legal jargon and follow trails of crumbs through some pretty dry articles. We have gone through the pain so you don't have to.

You'll find links to more technical and detailed explanations at the foot of this article. If that is your thing, please scroll down and tuck in. If not, read on.

The EU-U.S. Privacy Shield is the framework that lets firms transfer personal data lawfully from the European Union to the United States. US firms that move personal data from Europe into the USA can voluntarily self-certify to the Privacy Shield Program.

It came into existence in July, 2016, replacing the 'Safe Harbour' framework that had been doing the job previously.

There is a separate Swiss-U.S. Privacy Shield Framework that covers transferring data from Switzerland to the USA. That came into existence in January 2017.

Why does the EU-U.S. Privacy Shield exist?

Basically, to help the digital economy grow, to improve trade and to increase security.

Back in 2012, The European Commission raised concerns about the security of personal data of European Union citizens being transferred to the USA. The European press reported on areas of disagreement between legislative attitudes to protecting personal data. The prevailing attitude was and still is, that in Europe, data privacy laws are more stringent than in the US.

In October 2015 the European Court of Justice struck down the existing 'Safe Harbour' framework. Stories about how social-media companies stored and transferred users' data, followed by news of US eavesdropping activities, did little to create a feeling of 'common ground'. Facebook ended up in court in Ireland over it, so it's fair to say the governments weren't seeing eye to eye on this one.

Does the EU-U.S. Privacy Shield affect Email Hippo then?

Nope. Email Hippo is a UK company, so we don't need to participate in the Privacy Shield; it is a scheme for US organisations that receive personal data from Europe.

But we thought you might want to know more about how we deal with personal data that is uploaded to our servers for validating, especially as most of our customers are companies in the USA. They may be familiar with Privacy Shield participation and think of it as a sign of reassurance in a data partner.

We have servers in the cloud worldwide, queuing, moving and returning results to our customers. Using servers in many locales shaves latency off our response times. However, and it's a shiny good however, all the data is processed in the EU. That matters because it means we work within the codes of practice of the more stringent environment. It also helps US companies who need international email addresses checked and can't be sure whether the people behind them are in the EU, the US or elsewhere.

Is an email address personal data?


Oooh. Good question. And a moot point.
Personal data is essentially information relating to a living individual who can be identified from it, either on its own or combined with other information the data controller holds.
So can an email address on its own identify a living individual? Yes? No?
Obviously a role-based address (a shared mailbox for a team or function) can't identify a living individual: [email protected] gives no personal information. But what about an address made up of someone's own name, like [email protected]? That's personal.

So that's why we take personal data privacy very seriously. Every email address uploaded to our service could be personal data. From time to time customers send us extraordinary amounts of personal data, far beyond simple email addresses. In the interests of security, compliance and, frankly, just good manners, we have created a framework of secure best practice that we adhere to.

That framework begins with a combination of Microsoft Azure and Amazon Web Services (AWS) security. In addition, our separate EU data center is protected by security that is at least at Azure and AWS enterprise level.

It ends with our ISO 27001 certification: our information security management system (ISMS) is certified to this internationally recognised standard.

So we deal with data safe in the knowledge that we are operating within a secure framework and complying with EU data protection law, among the most stringent on the planet.

You can trust us with your data.

If personal data security is important to you and you'd like more information, please let us know.

You can read about Amazon Web Service security here

Learn about Microsoft Azure enterprise security standards

The EU-U.S. Privacy Shield is described in detail on this US Government site.

This site outlines the legal and social processes leading up to the failure of the Safe Harbour framework and the subsequent development of the Privacy Shield.

If you need to participate in the Privacy Shield you can register here.

For more information about Email Hippo privacy and ISO 27001 read here
