Skip main navigation

New offer! Get 30% off your first 2 months of Unlimited Monthly. Start your subscription for just £29.99 £19.99. New subscribers only. T&Cs apply

Find out more

Looking at Privacy Shield and Safe Harbour

In this video, you will learn about Privacy Shield and Safe Harbour.
With the United States and GDPR, worthwhile mentioning, just over a couple of slides, we have Privacy Shield and Safe Harbour. So Safe Harbour was designed to address the requirements of the European Union Data Protection Directive. It was created in 1998 and ran until 2015. And it tried to provide the same level of protection for information stored by United States’ entities who were dealing with European Union citizens’ personally identifiable information. And again, bear in mind, a telephone number can be classed as PII, or an email address, or a name, or an address. So most web based services will hold PII. So Safe Harbour was designed to address these requirements. And unfortunately, it was less than perfect.
So to manage Safe Harbour, it was a case that a business would self assert compliance. It would complete a statement saying annually that they were compliant with it. And in 2015, the European Court of Justice invalidated the Safe Harbour as an appropriate form of protection. And they cited legislation permitting the public authorities to have access, on a generalised basis, to the content of electronic communications of EU citizens’ data must be regarded as a compromise of the essence of the fundamental right for the respect for private life. So compromising the essence of the fundamental right to respect for private life. So for that reason, in 2015, there was some thinking, into 2016, as to what could provide an appropriate replacement.
Also, by 2018, we had GDPR rising, which afforded stronger protections. And so we had Privacy Shield that replaced the Safe Harbour model. So this provided a stronger mechanism. It was a stronger model. And it made, it created stronger obligations on the companies in the United States to protect the personal data of Europeans and required stronger monitoring and enforcement by the European, by the United States Department of Commerce and the Federal Trade Commission, who enforce the Privacy Shield program. This was including cooperation with the European Data Protection authorities. And the United States also made commitments that protection under US law for public authorities to access personal data for US citizens would be extended to European citizens.
And that Europeans would have the ability to raise inquiries with their local information agencies to query what was happening, and that these would be responded to by the American agencies. So this was a big change in 2016, with the Department of Commerce and the Federal Trade Commission and the European Union trying to agree a model by which some of these very large US run services, Microsoft, Google, Amazon, would be compliant with European Union privacy legislation. And this also prepared for the 2018 move to the GDPR, or General Data Protection Requirement. When looking at cloud considerations, we have a number of considerations. The first of these are physical. We want to understand where the data centre is. Are there any backups?
Is replication in place? So where is the data held primarily, but also where is any tertiary or replication data held, and potentially our backups? Here we want a balance between resilience and compliance.
For safeguards against human and environments, we need to understand what is in place. The physical security. Are the bars on the windows of our cloud data centre? Is it underground? Is there a risk of flooding? Within the data centre, is our data appropriately segregated physically? Is the data itself encrypted at rest? If it is encrypted, how? Are hashes and accounts stored? If so, how are they protected? So we want to understand as much as we can about the physical environment and about how our data is protected.

In this video, you will learn about Privacy Shield and Safe Harbour. Safe Harbour was designed to address the requirements of the European Union Data Protection Directive and ran until 2015. Privacy Shield replaced Safe Harbour from 2016 and provided a stronger model.

Investigate and share: It is important to stay up to date with newer, stronger models. Research Privacy Shield further to see what more you can learn. Can you share an example of how it’s being used? Are there any updates that have not been mentioned already? Share with your fellow learners below.

This article is from the free online

Cyber Security Foundations: Reinforcing Identity and Access Management

Created by
FutureLearn - Learning For Life

Reach your personal and professional goals

Unlock access to hundreds of expert online courses and degrees from top universities and educators to gain accredited qualifications and professional CV-building certificates.

Join over 18 million learners to launch, switch or build upon your career, all at your own pace, across a wide range of topic areas.

Start Learning now