A few weeks ago we briefly mentioned the court case against Safe Harbour – the agreement that allows “streamlined and cost-effective” data transfer between the US and EU. Well, the pact has now officially been ruled as invalid – here’s a quick breakdown on what it is and how the changes will affect you.
What is it?
The Safe Harbour agreement was struck up by the US and EU 15 years ago to give the US access to European information without technically breaking any of the rules around EU data protection. To get around the barriers, US firms were allowed to self-certify and say that they were treating the data in line with the rules.
Following the Snowden situation everyone’s realising they need to be a wee bit more careful about where their data is going, and who it’s going to. Max Schrem, a privacy campaigner in Ireland where Facebook has its European HQ, asked for an audit to check what data Facebook was giving up. FB was able to refuse under Safe Harbour; it then got escalated to the European Court of Justice and that’s when it all kicked off.
The European Court of Justice has now ruled Safe Harbour invalid and it looks like there will be an investigation into the case. “The judgement has clarified that it is now time for the data protection commissioner to revisit Mr Schrems’s complaint and carry out the necessary investigations,” said Dara Murphy, the Irish data protection minister.
What does this mean for privacy and for business?
This could have a knock-on effect for other companies, and be a win for privacy, as Murphy said there’s now an opportunity “to set robust global standards for the protection of personal data”.
On the flipside, big data-heavy companies are getting a bit nervous. Facebook has strongly denied it’s providing back door access to intelligence agencies, and said: “This case is not about Facebook. What is at issue is one of the mechanisms that European law provides to enable essential transatlantic data flows. The outcome… will have significant implications for all Irish companies who transfer data across the Atlantic.”
There’s also talk of retaliation from the US and that it could mean other methods are used to gather data: “Thousands of US businesses rely on the Safe Harbour as a means of moving information to the US from Europe,” said Richard Cumbley from the law firm Linklaters. “Without Safe Harbour, they will be scrambling to put replacement measures in place.”
Others are worried about the practical implications for business. “It’s not just about companies whose core activities are data processing – i.e. the Facebooks of the world – it’s the companies who don’t have data processing capabilities of their own and transfer personal data abroad to get it done,” explains Allie Renison from the UK’s Institute of Directors.
“So, if you’re a company that sends payroll data for administrative purposes across to the US, that becomes an issue. Likewise, it affects you if you’re a firm trying to send over data about your customers for a marketing campaign.”
It could ultimately lead to the acceleration of implementation of a “Safe Harbour 2” agreement, although this is probably a way off. What the EU ultimately wants is a more robust framework for data protection within the US; for example, third party regulation while they’re holding it.
The European Commission has said it’ll issue “clear guidance” to help connect the patchwork of data laws so that there won’t be a whole mess of conflicting rulings going out.
What does this mean for you?
Make no mistake – this concerns your data and it could be a pivotal case for who’s getting to look at it. The important thing is that right now there are no clear guidance or agreements in place. As always it’s important to know where your data is hosted and the laws that govern it.
UKFast customers do not have to worry about the concerns relating to the Safe Harbour issue. We keep all our customer data in our UK-based UKFast data centres, which means UKFast is fully compliant with the Data Protection Act.
To get the full story on what the safe harbour ruling means for your business read our Safe Harbour whitepaper or give us a call on 0208 045 4945.