Microsoft became the first major U.S. tech company to say it would transfer users’ information to the United States using a new transatlantic commercial data pact and would resolve any disputes with European privacy watchdogs.
EU data protection law bars companies from transferring personal data to countries deemed to have insufficient privacy safeguards, of which the United States is one, unless they set up complex legal structures or use a framework like Safe Harbour.
Data transfers to the United States have been conducted in a legal limbo since October last year when the European Union’s top court struck down the Safe Harbour framework that allowed firms to easily move personal data across the Atlantic in compliance with strict EU data transferral rules.
“I’m pleased to announce today that Microsoft pledges to sign up for the Privacy Shield, and we will put in place new commitments to advance privacy as this instrument is implemented,” John Frank, Vice President of EU Government Affairs, wrote in a blog.
Microsoft said it would sign up to the EU-U.S. Privacy Shield, the new framework that was agreed by Brussels and Washington in February to fill the void left by Safe Harbour and ensure the $260 billion in digital services trade across the Atlantic continues smoothly. Companies transferring human resources data will have to submit to the jurisdiction of European regulators, but for other companies it will merely be voluntary. The main enforcers of the framework will be the U.S. Department of Commerce and the U.S. Federal Trade Commission.
The European Commission welcomed Microsoft’s announcement, noting that EU individuals were more likely to turn to their national regulator to complain about the handling of their data.
“We welcome the fact that companies already commit to using the Privacy Shield and complying with its obligations,” said Christian Wigand, a Commission spokesman.