It is challenging to write about Safe Harbor, the EU-US international data transfer agreement, because the situation is changing daily.
A replacement framework was announced in early February. Five days later, scepticism and confusion followed.
The EU-US data transfer deal
Essentially, the new deal struck between the EU and US regards the transfer of personal data between the two continents. The agreement affects everyone, but what does this development mean for individuals and businesses?
In simple terms, this agreement regulates the EU-US information flow, including data regarding everything from sensitive contracts and payrolls, to flight tickets and social media profiles.
Data protection laws and the transfer deal
The EU data protection laws state that companies can only transfer EU citizens' data outside of Member States if the destination country has data protection laws that match those of the Union.
Nowadays, thousands of companies operate on both continents. Because US data protection laws did not match EU standards, both parties drew up the Safe Harbor agreement in 2000. It allowed licensed companies to carry data back to the US.
There are currently over 4,000 companies registered under the Safe Harbor agreement, including Microsoft, Facebook, Google, Adobe, eBay and Twitter.
The EU-US Privacy Shield
The agreement appeared to be beneficial for both parties until last October, when the treaty was invalidated by the European Court of Justice. It was invalidated on the grounds that US mass surveillance programmes were violating fundamental European privacy rights.
Following that, the EU and US have reached a new deal, branded as the EU-US Privacy Shield. The details of the new data-sharing pact are not yet clear. Businesses operating across the regions remain in the dark and at increased risk of enforcement if they continue to transfer data to the US.
How SigningHub by Ascertia stays compliant
For the past 15 years, we have worked with more than 15 governments and over 250 registered Certificate Authorities (CAs). We understood early on that our clients’ security and privacy are of paramount importance. We are always striving to deliver the most trustworthy and secure system for them, regardless of location.
To ensure that our customers’ data is fully protected, without any disruption to workflows, SigningHub uses data centres located in the EU and fully complies with the principles of the European Data Protection Directive.
Additionally, we have a network of trusted partners who run local SigningHub services in countries such as Norway, South Africa, Portugal and Brazil. We recognise the importance of interoperability and work with hundreds of global CA issuers for trusted identities, and support complex identity networks such as the US Federal public key infrastructure (PKI) and other bridge CAs.
Document authenticity
It is important that customer documents and data remain authentic and free from unauthorised changes, whether intentional or accidental. SigningHub provides this through the use of Advanced Electronic Signatures (AES) backed with unique PKI keys/certificates for every user. It ensures each signature is:
- Uniquely linked to the signer;
- Capable of identifying the signer;
- Created using means that the signatory can maintain under their sole control;
- Linked to the data to which it relates in such a manner that any subsequent change of the data is detectable.
Due to these regulations and standards, we are able to provide users with the most secure digital signature software on the market. It enables our clients not only to make significant savings in time and money, but also to rest assured that their data is protected from unauthorised eyes when conducting business in any jurisdiction and across borders.