{"id":24291,"date":"2017-02-16T10:00:36","date_gmt":"2017-02-16T09:00:36","guid":{"rendered":"https:\/\/owncloud.com\/?p=24291\/"},"modified":"2017-02-16T10:00:36","modified_gmt":"2017-02-16T09:00:36","slug":"threats-data-trump-age","status":"publish","type":"post","link":"https:\/\/owncloud.com\/de\/blogs\/threats-data-trump-age\/","title":{"rendered":"Threats to your Data in the Trump Age"},"content":{"rendered":"

Just about year after the fall of the Safe Harbor<\/a> agreement, the European Commission agreed upon a new framework, EU-US Privacy Shield<\/a>, for data-transfers between the EU and the US this past August and was officially put into place as of February 1st <\/sup>2017 with the declaration of the EU countries which are protected. Swiss data will be protected as of April 12th<\/sup> under a similar framework, the\u201cSwiss Privacy Shield\u201d<\/a>.<\/p>\n

But the agreement and your data is already threatened from a couple of angles!<\/p>\n

The Privacy Shield program, which is administered by the International Trade Administration (ITA) within the U.S. Department of Commerce, enables U.S.-based organizations to join one or both of the Privacy Shield Frameworks in order to benefit from the adequacy determinations. To join either Privacy Shield Framework, a U.S.-based organization will be required to self-certify to the Department of Commerce (via this website) and publicly commit to comply with the Framework\u2019s requirements. While joining the Privacy Shield is voluntary, once an eligible organization makes the public commitment to comply with the Framework\u2019s requirements, the commitment will become enforceable under U.S. law.<\/p><\/blockquote>\n

(Carlos Barria \/ Reuters)<\/p><\/div>\n

After months of debate the US and EU came to terms that they could all agree would protect data security and allow for safe data transfers.<\/p>\n

The first threat to this agreement came from a recently signed executive order<\/a>, of which Section 14 states:<\/p>\n

Privacy Act.\u00a0 Agencies shall, to the extent consistent with applicable law, ensure that their privacy policies exclude persons who are not United States citizens or lawful permanent residents from the protections of the Privacy Act regarding personally identifiable information.<\/p><\/blockquote>\n

So, what does this mean for the EU-US Privacy Shield? <\/strong><\/p>\n

Currently it\u2019s still intact, but if you are in a country outside of the European Union or Switzerland, it means that your data is again at risk and can be freely used by agencies in the US. And nobody can really say what the next executive order will bring or deny in regards to essential data protection rights.<\/p>\n

Recent ruling against Google and Microsoft case still in the court system<\/strong><\/p>\n

In early February \u201ca U.S. judge has ordered Google to hand over emails stored outside the country in order to comply with an FBI search warrant<\/a>.\u201d \u00a0The main argument was that Google can’t tell exactly where the data is, which means that it is considered to be in the United States and, therefore, needs to be handed over.<\/p>\n

This again shows how essential it is to know where your data is at all times!<\/p>\n

However, Microsoft knows that the data is in Ireland, so the ruling was upheld<\/a> by a very close 4-4 vote. \u00a0It is expected that the US government will make a move to bring the case to the supreme court where it can be reconsidered. Alternatively, there are rumors that the administration will just change the respective law and clarify that US companies are forced to hand over data even if they know it is located elsewhere.<\/p>\n

The third risk continues to be a case in Ireland where, now famous, Max Schrems \u2013 who brought the original safe harbor agreement down \u2013 is continuing to argue against Facebook<\/a>. This case will probably move on to the European court system and is a pending threat to both the Privacy Shield, as well as the standard contractual clauses (SCCs),\u00a0 which are broadly used for specific data transfers and replaced safe harbor terms while people were waiting for privacy shield.<\/p>\n

New GDPR still implemented in early 2018<\/strong><\/p>\n

On top of this, the preparations for the new General Data Protection Regulation continues and will be finished in early 2018. \u00a0Remember, you can be fined up to 4%<\/a> of your annual revenue under those new regulations.<\/p>\n

Know where your data is!<\/strong><\/p>\n

With a lot of threats pending and interpretation about what national security is and under which circumstances it allows access to your data always being on the line, we continue to recommend that you do know exactly where your data is located at all times.<\/p>\n

Federate the Cloud<\/strong><\/p>\n

With ownCloud, our users never need to worry about data-transfer restrictions. ownCloud can connect federated servers in multiple geographic locations into a single user experience for seamless collaboration. Federated File Sharing<\/a> provides frictionless file sharing across multiple ownCloud servers, while maintaining the security, control and attributes of the original server as set up by IT \u2013 and leaving the master file copy on the originating ownCloud server.<\/p>\n