Blog – Safe Harbour 2.0 Gets The Greenlight


The next major raft of data legislation kicked into effect on 12th July 2016, with the European Commission’s official adoption of the EU US Privacy Shield framework.  These measures will ensure the protection of EU citizen data in its transfer to the United States.

“We have approved the new EU-US Privacy Shield today. It will protect the personal data of our people and provide clarity for businesses,” said Andrus Ansip, the EC’s Digital Single Market VP.

“We have worked hard with all our partners in Europe and in the US to get this deal right and to have it done as soon as possible. Data flows between our two continents are essential to our society and economy – we now have a robust framework ensuring these transfers take place in the best and safest conditions”.

Known as Safe Harbour 2.0, this agreement will help firms to move personal data either side of the Pond without breaking strict EU data transfer rules.  After many re-drafts, the EC believes the new framework is now robust enough to protect the data of European citizens.

Obligations and compliance overseer
The US Department of Commerce will be the body responsible for checking that the companies that have signed up to the framework are duly following the rules.  Failure to do so will result in them facing sanctions and being struck off the list.  Additionally, the same levels of protection will apply to any personal data that is forwarded by third parties.

Safeguards and transparency around US government access
The EU has been assured that public authorities’ access for law enforcement and national security remains subject to clear limitations, safeguards and oversight mechanisms.  The US will not be allowed to undertake indiscriminate mass surveillance of the personal data of EU citizens, and every EU citizen will forthwith benefit from redress mechanisms.

Individual rights redress
Under Safe Harbour 2.0, any citizen who considers that their data has been misused will be able to refer to a number of accessible and affordable dispute resolution schemes. Ideally, the complaint will be resolved by the company directly in the first instance, or free-of-charge Alternative Dispute Resolution (ADR) solutions will be offered.

EU US annual joint review
The Privacy Shield scheme will be jointly reviewed annually by the European Commission and the US Department of Commerce. National intelligence experts from the US and European Data Protection Authorities will collaborate to assess all sources of information available and issue a public report to the European Parliament and the Council.

So where does this leave the rights of UK citizens post Brexit?
We need to remember that until Article 50 is signed UK citizens are still EU citizens and therefore we all benefit from these changes. In point of fact, the General Data Protection Regulation (GDPR), which comes into effect in May 2018, will become law in the UK as we will still be part of the EU. Additionally, the Information Commissioner’s Office (ICO) has already stated that any re-draft of the UK Data Protection Act would have to take into account both the GDPR and Safe Harbour 2.0.

The changes we have seen so far and the adoption of a single European Data Protection Law lead me to consider the question: would a Global Data Protection or Global Data Transfer Regulation, much like the International Standards, help safeguard every citizen?

This week’s technology news – 20th February 2015


Microsoft enjoys gold in Europe

Microsoft’s VP of Legal & Corporate Affairs, Brad Smith, announced on 16th February 2015 that the company had become the first major cloud provider to adopt an international standard for cloud privacy – which is also the world’s first.

This follows the EU data protection authority’s endorsement of Microsoft’s gold standard for cloud privacy back in 2014 (see our blog 17th April 2014).  The new ISO creates a uniform, international approach to protecting privacy for personal data stored in the cloud.

Smith is clearly pleased:  “The British Standards Institute (BSI) has independently verified that in addition to Microsoft Azure, both Office 365 and Dynamics CRM Online are aligned with the standard’s code of practice for the protection of Personally Identifiable Information (PII) in the public cloud”.

Where standards affect business assurance and safeguards to industry, this new ISO is important commercially, as ISO 27018 assures enterprise customers that their privacy is safe – and the new standard promises that the data will not be used for advertising.

According to Smith, Microsoft can only process identifiable data the customers provide and is obliged to notify the customers where their data is, and who else is using it (in case there are third parties in need of their data). Additionally, the company offering cloud services must notify the client in case the government requests disclosure of ‘PII’ data.


Google’s CIE says “Don’t get lost in the digital Dark Age”

Chief Internet Evangelist for Google, Vint Cerf, a “father of the internet” and holder of the highest civilian honour, the U.S. National Medal of Technology, addressed the American Association for the Advancement of Science (AAAS) annual conference in San Jose last week.  His talk aired concerns that all the images and documents we have been saving on computers will eventually be lost – and that future generations will have little or no record of the 21st Century as we enter what he describes as a “digital Dark Age”.

This would occur as hardware and software become obsolete (and as backward compatibility is not always guaranteed) and old formats of documents, presentations or images may not be readable by the latest version of the software or retrievable from external hard drives.

“The key here is when you move those bits from one place to another, that you still know how to unpack them to correctly interpret the different parts. That is all achievable – if we standardise the descriptions…. We have various formats for digital photographs and movies, and those formats need software to correctly render those objects.  Sometimes the standards we use to produce them fade away and are replaced by other alternatives and then software that is supposed to render images can’t render older formats so the images are no longer visible”.

“Over time, we accumulate vast archives of digital content, but may not actually know what it is.”  As it is unclear what would be the most important data of our generation, it was important to preserve as much as possible.

“The solution is to take an X-ray snapshot of the content and the application and the operating system together, with a description of the machine that it runs on, and preserve that for long periods of time. And that digital snapshot will recreate the past in the future.” Cerf calls this digital form ‘Digital Vellum’, to be held in servers in the cloud – and accessible as required because descriptions have been standardised.

Whilst there is no guarantee of Google being around in 3000, the notion is that the X-ray snapshot captured is transportable from one place to another. So it could move from, say, Google cloud to another cloud, or back onto a personal machine.


See video:  http://emp.bbc.co.uk/emp/embed/smpEmbed.html?playlist=http%3A%2F%2Fplaylists.bbc.co.uk%2Fnews%2Fscience-environment-31458902A%2Fplaylist.sxml&title=Net%20pioneer%20warns%20of%20digital%20’Dark%20Age’&product=news

When just one drop IS enough

An American company, Nanobiosym, has shown off its latest mobile diagnostic device, ‘Gene Radar’, which can perform real-time testing on a drop of blood, saliva or other bodily fluid to detect disease.

Using a nanochip in a mobile device, they claim it provides a gold standard at DNA/RNA level, revolutionising the mountainous PCR processing which went before it in medical profiling, to create more efficient scientific solutions to viral scanning.  A mobile scanner that can detect whether a person has Ebola, HIV or the flu virus in less than one hour has great significance. The technology can be deployed in wearables, smartphones and notebooks, and apps for self-diagnosis are also being developed apace.

Nanobiosym is one of several US companies chasing healthcare business in this sphere, including Corgenix (a Microsoft Gold Service Partner) and Nanomix.  CEO of Nanobiosym Dr Anita Goel is passionate about the opportunity for this new technology to truly democratise healthcare and take it to the people, especially in third world countries, which do not have the industrialised history and infrastructure investment in healthcare.

The personalisation and mobility of this healthcare offering is very exciting. It brings together physics, biomedicine and nanotechnology to diagnose conditions and is viewed by Goel as having the potential to cut the costs of some conditions by up to 99%, surely of interest to healthcare boards around the globe, where budgets are forever being squeezed.

The development is eye-catching when, in the West, traditional HIV screening would cost $200 with results taking two weeks – and six months in Africa.  The outbreak and spread of Ebola hooked world headlines in 2014 and its impact is still being felt.  The new technology being developed by these companies can detect the disease at very low levels, before a patient is even showing symptoms.  In practical terms, scanning for this and other diseases at airports, say, could help contain, advise and start pro-active steps for treatment, even affecting future generations.

The company is waiting for approval from the US Food and Drug Administration (FDA) before offering the device for sale.  With diseases like Ebola, it would be a straightforward tick for border agencies, keen to control migration of those affected. However, the ramification for detection through apps of other genetic diseases like Parkinson’s or Alzheimer’s carries with it the health warning that the patient’s very knowledge of the disease could alter and affect their life, decisions and outlook if pre-symptoms were detected whilst there was still no cure.


See video:  http://goo.gl/FcBXoD