Extract from David Horrigan’s article “Microsoft v. United States and the Privacy Shield: How Did We Get Here?”
July has been a big month for the law of international data transfers, with two long-running legal sagas coming to a conclusion—at least for the moment.
On July 12, the EU and the US announced the adoption of the EU-US Privacy Shield Framework, and on July 14, the US Court of Appeals for the Second Circuit reversed a district court and held in favor of Microsoft in Microsoft v. United States, known commonly as the Microsoft Dublin warrant case.
In examining how these events evolved, the biggest takeaway is that, for now, the US technology industry and the economies of the US and the EU have avoided a potential crisis.
For business transactions, e-discovery, and even email communications, in today’s digital world, data must cross international borders. The difficult reality is that the laws and regulations governing the handling of electronic data often change substantially across those borders. The data laws of the US and the member states of the European Union are a prime example.
Americans tend to place great value on access to information. US businesses, law enforcement, and litigants are able to collect vast amounts of data—especially compared to Europe, where the right to privacy is fundamental under the European Convention on Human Rights.