
Looking at Privacy Shield and Safe Harbour

In this video, you will learn about Privacy Shield and Safe Harbour.
With the United States and GDPR, worthwhile mentioning, just over a couple of slides, we have Privacy Shield and Safe Harbour. So Safe Harbour was designed to address the requirements of the European Union Data Protection Directive. It was created in 1998 and ran until 2015. And it tried to provide the same level of protection for information stored by United States’ entities who were dealing with European Union citizens’ personally identifiable information. And again, bear in mind, a telephone number can be classed as PII, or an email address, or a name, or an address. So most web-based services will hold PII. So Safe Harbour was designed to address these requirements. And unfortunately, it was less than perfect.
So to manage Safe Harbour, it was a case that a business would self-assert compliance. It would complete a statement saying annually that they were compliant with it. And in 2015, the European Court of Justice invalidated the Safe Harbour as an appropriate form of protection. And they cited legislation permitting the public authorities to have access, on a generalised basis, to the content of electronic communications of EU citizens’ data must be regarded as a compromise of the essence of the fundamental right for the respect for private life. So compromising the essence of the fundamental right to respect for private life. So for that reason, in 2015, there was some thinking, into 2016, as to what could provide an appropriate replacement.
Also, by 2018, we had GDPR rising, which afforded stronger protections. And so we had Privacy Shield that replaced the Safe Harbour model. So this provided a stronger mechanism. It was a stronger model. And it made, it created stronger obligations on the companies in the United States to protect the personal data of Europeans and required stronger monitoring and enforcement by the European, by the United States Department of Commerce and the Federal Trade Commission, who enforce the Privacy Shield program. This was including cooperation with the European Data Protection authorities. And the United States also made commitments that protection under US law for public authorities to access personal data for US citizens would be extended to European citizens.
And that Europeans would have the ability to raise inquiries with their local information agencies to query what was happening, and that these would be responded to by the American agencies. So this was a big change in 2016, with the Department of Commerce and the Federal Trade Commission and the European Union trying to agree a model by which some of these very large US-run services, Microsoft, Google, Amazon, would be compliant with European Union privacy legislation. And this also prepared for the 2018 move to the GDPR, or General Data Protection Requirement.
When looking at cloud considerations, we have a number of considerations. The first of these are physical. We want to understand where the data centre is. Are there any backups? Is replication in place? So where is the data held primarily, but also where is any tertiary or replication data held, and potentially our backups? Here we want a balance between resilience and compliance.
For safeguards against human and environments, we need to understand what is in place. The physical security. Are there bars on the windows of our cloud data centre? Is it underground? Is there a risk of flooding? Within the data centre, is our data appropriately segregated physically? Is the data itself encrypted at rest? If it is encrypted, how? Are hashes and accounts stored? If so, how are they protected? So we want to understand as much as we can about the physical environment and about how our data is protected.

In this video, you will learn about Privacy Shield and Safe Harbour. Safe Harbour was designed to address the requirements of the European Union Data Protection Directive and ran until 2015. Privacy Shield replaced Safe Harbour from 2016 and provided a stronger model.

Investigate and share: It is important to stay up to date with newer, stronger models. Research Privacy Shield further to see what more you can learn. Can you share an example of how it’s being used? Are there any updates that have not been mentioned already? Share with your fellow learners below.

This article is from the free online

Cyber Security Foundations: Reinforcing Identity and Access Management

Created by
FutureLearn - Learning For Life
