Safe Harbor and Access Control for Transatlantic Data Transfer

The deal was made public on February 2nd, two days after the initially agreed deadline for a solution had passed. Speaking on the deal, Vera Jourova, the European Commissioner for Justice, said, “For the first time ever, the US has given the EU binding assurances that the access of public authorities for national security purposes will be subject to clear limitations, safeguards and oversight mechanisms.”

The new framework is designed to facilitate the transfer of data between the EU and the US while giving EU citizens the same privacy protections they are afforded in the EU. With the deal in place, many of the 4,500 US companies that hold a safe harbor agreement can breathe a little more easily, particularly in light of the Weltimmo case, which could have forced US companies to comply with the regulations of each European jurisdiction they operate in, rather than with those of the EU as a whole.

The new deal is still demanding, though, and will continue to pose complex access control challenges for any US-based organization that collects, processes or transfers European citizens’ data. Companies will have to manage who can access European citizens’ data, and for what purpose. Additionally, the US Department of Commerce will carry out regular compliance checks of each company that has an agreement in place.

This means compliance officers will be asked the type of questions that cause internal teams to break out in a cold sweat, forcing them to navigate thousands of roles, documents and policies in search of the answer to “What information can employee X in accounts access?” or “Who can access files on UK-based customers?”

And while it sounds daunting, it doesn’t need to be a long and painful process, especially if you’re familiar with Attribute Based Access Control (ABAC). ABAC lets your organization not only manage who does what and under what conditions, but also prove it to auditors from both a user-centric and a document-centric access control perspective: because every decision is derived from the same policy over subject, resource, action and context attributes, the two audit questions above are just the same evaluation run across all resources for one user, or across all users for one resource.
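To make that concrete, here is an added example (not Axiomatics product code or a XACML policy, and not part of the original post) of a tiny ABAC evaluator in Python. The employees, customer records, region set and the four rules are all constructed for illustration; the point is that the user-centric question (“what can employee X in accounts access?”) and the document-centric question (“who can access files on UK-based customers?”) are both answered by running one `decide` function across the attribute store, and that the evaluator also returns which rules fired, so an auditor can see why a decision was reached.

```python
"""Tiny attribute-based access control (ABAC) evaluator with audit queries.

Added example with a hypothetical policy and constructed sample data.
It is not Axiomatics code; it only illustrates that the user-centric and the
document-centric audit questions are two projections of one policy evaluation.
"""
from typing import Callable

# --- Constructed sample attribute stores (hypothetical employees and records) ---
SUBJECTS = {
    "alice": {"department": "accounts", "location": "US", "role": "clerk"},
    "bob":   {"department": "engineering", "location": "US", "role": "developer"},
    "carol": {"department": "accounts", "location": "UK", "role": "dpo"},
}

RESOURCES = {
    "cust-001":   {"type": "customer_record", "customer_region": "UK", "contains_pii": True},
    "cust-002":   {"type": "customer_record", "customer_region": "DE", "contains_pii": True},
    "cust-003":   {"type": "customer_record", "customer_region": "US", "contains_pii": True},
    "price-list": {"type": "document", "customer_region": None, "contains_pii": False},
}

# Constructed region set: records of data subjects in these regions fall under
# the EU-side obligations (the UK was an EU member state when this was written).
EU_REGIONS = {"UK", "DE", "FR", "SE"}
PERMITTED_EU_PURPOSES = {"billing", "support"}

PERMIT, DENY = "Permit", "Deny"

# A rule is (name, effect, predicate over subject, resource, action, context attributes).
Rule = tuple[str, str, Callable[[dict, dict, str, dict], bool]]

POLICY: list[Rule] = [
    # EU citizens' PII may only be touched for an approved purpose (purpose limitation).
    ("eu-pii-purpose-limit", DENY,
     lambda s, r, a, c: r["contains_pii"]
                        and r["customer_region"] in EU_REGIONS
                        and c.get("purpose") not in PERMITTED_EU_PURPOSES),
    # Accounts staff may read customer records.
    ("accounts-read-customers", PERMIT,
     lambda s, r, a, c: s["department"] == "accounts"
                        and a == "read" and r["type"] == "customer_record"),
    # Anyone may read documents that carry no PII.
    ("non-pii-read", PERMIT,
     lambda s, r, a, c: a == "read" and not r["contains_pii"]),
    # The data protection officer may read and export anything.
    ("dpo-full-access", PERMIT,
     lambda s, r, a, c: s["role"] == "dpo" and a in {"read", "export"}),
]


def decide(subject_id: str, resource_id: str, action: str, context: dict) -> tuple[str, list[str]]:
    """Deny-overrides combining: any matching Deny wins, then any matching Permit,
    otherwise the default is Deny. Returns (decision, names of rules that matched)
    so an auditor can see *why* the decision was reached, not just what it was."""
    s, r = SUBJECTS[subject_id], RESOURCES[resource_id]
    matched = [name for name, _, pred in POLICY if pred(s, r, action, context)]
    effects = {name: effect for name, effect, _ in POLICY}
    if any(effects[n] == DENY for n in matched):
        return DENY, matched
    if any(effects[n] == PERMIT for n in matched):
        return PERMIT, matched
    return DENY, matched  # no rule applicable: default deny


def what_can_access(subject_id: str, action: str, context: dict) -> set[str]:
    """User-centric audit question: which resources may this employee <action>?"""
    return {rid for rid in RESOURCES if decide(subject_id, rid, action, context)[0] == PERMIT}


def who_can_access(resource_id: str, action: str, context: dict) -> set[str]:
    """Document-centric audit question: which employees may <action> this resource?"""
    return {sid for sid in SUBJECTS if decide(sid, resource_id, action, context)[0] == PERMIT}


def access_report(action: str, context: dict) -> dict[str, set[str]]:
    """Full matrix for one action and purpose: for each resource, who can reach it."""
    return {rid: who_can_access(rid, action, context) for rid in RESOURCES}


if __name__ == "__main__":
    billing, marketing = {"purpose": "billing"}, {"purpose": "marketing"}
    print("alice can read (billing):   ", sorted(what_can_access("alice", "read", billing)))
    print("alice can read (marketing): ", sorted(what_can_access("alice", "read", marketing)))
    print("who can read cust-001 (billing):     ", sorted(who_can_access("cust-001", "read", billing)))
    print("who can export cust-001 (marketing): ", sorted(who_can_access("cust-001", "export", marketing)))
    print("why alice/cust-001/read/marketing:   ", decide("alice", "cust-001", "read", marketing))
```

The design choice worth noting is that the purpose of access is a context attribute evaluated at decision time, not something baked into a role: the same accounts clerk is permitted to read a UK customer record for billing and denied the same read for marketing, and both outcomes, with the rule names that produced them, come out of the same function the audit queries call.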

You can discover more about ABAC and compliance here. Personally, I expect more and more US companies will adopt this technology in the coming years, if nothing else just to uphold auditors’ and compliance officers’ sanity.

Oh, and if you want to get the lowdown on fine-grained access control and Safe Harbor, visit the dedicated Safe Harbor section of our site.

Babak Sadighi
