Box Looks Beyond Privacy Shield With EU Binding Corporate Rule Approval

Box claims it now offers customers in Europe the highest possible standard for data protection after the European Union (EU) gave the company approval for Binding Corporate Rules (BCRs) – an alternative to the invalidated Safe Harbour legislation.

Safe Harbour, the previous data sharing agreement between the EU and US, was declared invalid in October last year and had been relied upon by Box and other major US tech firms to operate across the Atlantic.

Box COO Dan Levin told TechWeekEurope earlier this month at BoxWorks 2016 in San Francisco that invalidation was an “extraordinary” course of action for the European Court to take and that regulation needed to be adapted for cloud technology.

Box privacy

After months of negotiations, a proposed replacement for Safe Harbor called Privacy Shield has emerged, but Box said earlier this year it was still “looking” at the proposed regulations as well as a number of alternatives, namely BCRs.

Now the company has completed the EU approval process from various data protection authorities, including the UK’s Information Commissioner’s Office (ICO), Box can now act as both a data processor for its customers and a controller for its employees.

BCRs are company-specific, as opposed to the general regulations of Safe Harbor and Privacy Shield, and are deemed to be the EU’s highest possible data protection standard.

The cloud collaboration platform claims to be one of fewer than five US companies to have received the accreditation and the only one in its sector, highlighting the privacy and security it can afford potential clients, especially in regulated industries.

European push

“This is a huge milestone as we continue to scale internationally while focusing on offering what we believe to be the most secure enterprise content management platform in the world,” said Joel Benavides, Box’s senior director for global legal and advocacy. “The DPA’s approval of our BCRs enables companies across Europe to deploy a validated cloud environment in accordance with the highest data protection standards available today.”

Box has made international expansion a priority and has made several moves to boost the security and privacy of its product to attract new users in regulated sectors such as finance, health and the public sector.

These include encryption key management, data retention polices and data residency options, such as Box Zones, which gives customers a choice of data centres around the world in which to store information.

Quiz: What do you know about the cloud in 2016?

Steve McCaskill

Steve McCaskill is editor of TechWeekEurope and ChannelBiz. He joined as a reporter in 2011 and covers all areas of IT, with a particular interest in telecommunications, mobile and networking, along with sports technology.

Recent Posts

Spyware Maker NSO Group Found Liable In US Court

Landmark ruling finds NSO Group liable on hacking charges in US federal court, after Pegasus…

2 days ago

Microsoft Diversifying 365 Copilot Away From OpenAI

Microsoft reportedly adding internal and third-party AI models to enterprise 365 Copilot offering as it…

2 days ago

Albania Bans TikTok For One Year After Stabbing

Albania to ban access to TikTok for one year after schoolboy stabbed to death, as…

2 days ago

Foldable Shipments Slow In China Amidst Global Growth Pains

Shipments of foldable smartphones show dramatic slowdown in world's biggest smartphone market amidst broader growth…

2 days ago

Google Proposes Remedies After Antitrust Defeat

Google proposes modest remedies to restore search competition, while decrying government overreach and planning appeal

2 days ago

Sega Considers Starting Own Game Subscription Service

Sega 'evaluating' starting its own game subscription service, as on-demand business model makes headway in…

2 days ago