The new EU-US Safe Harbor agreement, Privacy Shield, is a step in the right direction for transatlantic transfers of personal data, but it's not enough by itself, according to Microsoft.
The firm's EU government affairs VP John Frank is upbeat about the yet to be finalized agreement, a draft of which was published by the US in February, following President Obama's signing of the Judicial Redress Act.
That Act offers some protections for Europeans when data is transferred to the US and used by law enforcement.
However, Max Schrems, the Austrian who brought down the Safe Harbor data-transfer agreement, isn't impressed by Privacy Shield and thinks it will probably suffer the same fate as its predecessor if challenged in court.
European data-protection authorities are still reviewing the draft document, but in a post on Monday, Frank said Microsoft is backing the agreement in its current form and has pledged to "sign up" for Privacy Shield when it is implemented.
"We have reviewed the Privacy Shield documentation in detail, and we believe wholeheartedly that it represents an effective framework and should be approved," Frank said.
However, Frank also noted a few shortcomings with the agreement, particularly in areas relating to its current legal battle with the Justice Department over access to email stored in Microsoft's Irish datacenter.
"We continue to believe today that additional steps will be needed to build upon the Privacy Shield after it is adopted, ranging from additional domestic legislation to modernization of mutual legal assistance treaties and new bilateral and ultimately multilateral agreements. But we believe that the Privacy Shield as negotiated provides a strong foundation on which to build," Frank said.
Microsoft has now committed to responding to any complaints it receives about its participation in Privacy Shield within 45 days and to work with EU data-protection bodies to resolve any disputes under the agreement.
Earlier this month, Schrems criticized European policy makers for failing to overhaul the Safe Harbor agreement in line with the 1995 Data Protection Directive, and with the European Court of Justice's ruling that for transfers to the US to be legal, US laws would need to offer equivalent protections to those available under EU legislation.