On November 30, 2016, Pantheon became compliant with the Privacy Shield Framework. The framework was designed by the European Commission and the U.S. Department of Commerce. Its goal is to provide both U.S. and European companies with a mechanism to comply with the EU data protection requirements when transferring personal data from the European Union to the U.S.
Privacy Shield Replaces Safe Harbor
The Privacy Shield Framework was approved as being adequate on July 12, 2016 and replaces the Safe Harbor Framework. In October 2015, the European Court of Justice struck down the Safe Harbor data transfer accord. The revelations from Edward Snowden around government surveillance and a complaint from the High Court of Ireland led to its dissolution. The complaint came from an Austrian privacy activist challenging the legality of Facebook’s handling of his personal information under European privacy law. The court ruled that even if US companies were taking adequate measures, US public authorities were not subject to the Safe Harbor guidelines, thus putting European citizens’ data privacy at risk to US government surveillance.
The Privacy Shield Framework has retained much of the Safe Harbor framework, while adding additional requirements. Companies are still required to comply with the following 7 principles:
- Accountability for onward transfer
- Data integrity and purpose limitation
- Recourse, enforcement, and liability
The new requirements include new limits and oversight mechanisms when using Europeans’ data, an advocate to handle complaints about intelligence-related matters, and tightened restrictions on forwarding Europeans’ personal data to other companies.
What This Means for Pantheon Customers
EU-based customers rely on Pantheon to be compliant with data privacy regulations, and we’re excited to have attained this compliance and an extra level of trust with customers. Pantheon's security team will continue to work hard on these initiatives through 2017, ensuring that our customers and agency partners can depend on our platform to keep them—and their clients—secure and compliant.
Curious about whether other services or providers you use comply? See the full list here.
[July 2017 Update] The Swiss Government partnered with the U.S. Department of Commerce and on January 12, 2017 announced the approval of the Swiss-U.S. Privacy Shield Framework. The Swiss Privacy Shield will replace the U.S.–Swiss Safe Harbor Framework and imposes data protection requirements similar to those established under the EU–U.S. Privacy Shield. Beginning April 12th, 2017, organizations were able to self-certify against the framework. We are happy to announce that as of July 5th, 2017, we are Swiss-U.S. Privacy Shield compliant.