I continue to be impressed by the new Microsoft under Satya Nadella. Here Brad Smith, Microsoft’s president and chief legal officer, discusses something I didn’t know too much about, the US-EU Safe Harbor. According to Wikipedia:

The US-EU Safe Harbour (now declared invalid) was a streamlined process which US companies could use to comply with the EU Directive 95/46/EC on the protection of personal data…

Intended for organizations within the European Union or United States which store customer data, the Safe Harbour Principles are designed to prevent accidental information disclosure or loss. US companies can opt into the program, as long as they adhere to seven principles and 15 frequently asked questions and answers (FAQs) outlined in the Directive.

With the October 6th decision by the Court of Justice of the European Union to strike down the agreement, a new agreement is needed. As discussed by Brad Smith:

We need to protect privacy as a fundamental human right. We need a global Internet. We need to keep the public safe. And we need to find a legal path that will work on both sides of the Atlantic. We need to do all four of these things together and simultaneously. This is the privacy version of a Rubik’s Cube.

If we’re going to find a long-term and sustainable approach, we need to think afresh. The leading privacy law in the United States was adopted in 1986. The laws in Europe come from the same era. The approaches that were developed 15 years before the 20th century ended are simply not adequate 15 years after the 21st century began. It’s not just technology that has changed. The world has changed.