It is challenging to write about Safe Harbor, the international data sharing agreement, because the situation is changing daily. A replacement framework was announced in early February. Five days later, scepticism and confusion followed.
Essentially, the new deal struck between the EU and US regards the transfer of personal data between the two continents. The agreement affects everyone, but what does this development mean for individuals and businesses? In simple terms, this agreement regulates the EU/US information flow, including data regarding everything from sensitive contracts and payrolls, to flight tickets and social media profiles.
The EU data protection laws state that companies can only transfer EU citizens' data outside of member states if the destination country has data protection laws that match those of the Union. Nowadays, thousands of companies operate on both continents, but because US data protection laws did not match EU standards, in 2000 both parties drew up the Safe Harbor agreement to allow licensed companies to carry data back to the US.
There are currently over 4,000 companies registered under the Safe Harbor agreement, including Microsoft, Facebook, Google, Adobe, eBay and Twitter.
The agreement appeared to be beneficial for both parties until last October when the treaty was invalidated by the European Court of Justice. This was on the grounds that US mass surveillance programmes were violating fundamental European privacy rights. Now both the EU and US have reached a new deal, branded as EU-US Privacy Shield, but the details of the new sharing data pact are not clear yet. Businesses operating across the regions remain in the dark and at increased risk of enforcement if they continue to transfer data to the US.
For the past 15 years, we have been working with more than 15 governments and over 250 registered certificate authorities. We understood early on that our clients’ security and privacy is of paramount importance and we are always striving to deliver the most trustworthy and secure system for them, regardless of location.
To ensure that our customers’ data is fully protected without any disruption to workflows, SigningHub uses data centres located in the EU and fully complies with the principles of the European Data Protection Directive. Additionally, we have a network of trusted partners who run local SigningHub services in countries such as Norway, South Africa, Portugal and Brazil. We recognise the importance of interoperability and work with over 250 registered Certificate Authority issuers covering the globe for trusted identities, and support complex identity networks such as the US Federal PKI and other bridge CAs.
It is important customer documents and data remain authentic and free from unauthorised changes, whether intentional or accidental. With SigningHub we provide this through the use of advanced electronic signatures backed with unique PKI keys/certificates for every user, which ensures each signature is:
- Uniquely linked to the signer;
- Capable of identifying the signer;
- Created using means that the signatory can maintain under their sole control;
- Linked to the data to which it relates in such a manner that any subsequent change of the data is detectable.
Due to these regulations and standards, we are able to provide users with the most secure digital signature software on the market. This enables our clients to not only make significant savings in time and money, but also to rest assured their data is protected from unauthorised eyes when conducting business in any jurisdiction and across borders.