The European Court of Justice ruled this week that the Safe Harbour agreement, in place since 2000, is now invalid. This story was originally covered in our blog in March 2015.
This is likely to create a sea change in where and how organisations hold their data. With clear guidance yet to follow in what could be a confused few months of local and conflicting regulation, there may yet be a scramble to create urgent interim measures both within Europe and US businesses (of which about 5,000 US businesses make use of the arrangement), relying on Safe Harbour for the freeflow of information between the territories.
Designed to be a “streamlined and cost effective” way for US firms to get data from Europe without breaking the rules, the Safe Harbour agreement allowed US firms to collect data on their European users and store them in US data centres as long as certain principles around storage and security were upheld (eg. Giving notice to users and advising them on how the data can be accessed and by whom). With the security agencies exerting surveillance pressure revealed in the Snowden leaks, the safeguards were viewed as not being carried out.
It is not just about Facebook (who through a lawsuit brought a privacy campaigner Max Schrrems challenged their use of private data), though the news will have a big impact for the tech giants such as Facebook, Google and Twitter who may have to build new data centres in Europe to counter this decision. It reflects the differences between the two cultures: in the EU, data privacy is treated as a fundamental right, whilst in the US, other concerns which might conflict are sometimes given priority.
The patchy interim to authorise the “export” of the data will require for the two bodies involved to draw up new “model contract clauses” setting out the US organisation’s privacy obligations.
For Data Controllers, this will be something of an administrative nightmare and will likely push up costs and cause delays. Managed Service Providers had better be thinking about their customer’s data with a sharper eye this week.
Amicus ITS Blog 