The European Court of Justice (ECJ) has ruled that the transatlantic Safe Harbour framework is invalid, but what does that really mean for business?
Hang on, what is Safe Harbour?
For businesses of all shapes and sizes, data and analytics are arriving from multiple sources at a startling velocity, volume and variety. Businesses are required to capture, understand and store a gigantic amount of data on a day-to-day basis. The storage part is where Safe Harbour comes into the picture.
For up to 15 years, over 4,000 businesses have been storing personal EU data using US cloud services through the use of the Safe Harbour framework. The self-certification framework has been used to certify the security of personal data by asking businesses to abide by seven principles.
The framework allowed the majority of businesses to employ US-based cloud services to store or process personal data, whilst adhering to European regulations.
On Tuesday 6th October this framework officially became invalid according to the ECJ ruling.
What went wrong?
It all started with Max Schrems, a 28-year-old Austrian law student, who filed a series of complaints against Facebook in Ireland. Max requested that Facebook stop the transfer of European users’ data to its US servers. He argued, following Edward Snowden’s revelations, that the data storage risked the US government snooping on personal EU data.
This complaint, that the US did not provide sufficient privacy safeguards for data, was upheld by the EU’s highest court. The ECJ therefore declared that the self-certification Safe Harbour agreement stood in the way of Europe’s national data protection watchdogs, which intervene on behalf of citizens who complain about privacy infringements.
What does that mean for the future of business?
Right now, it is too early to tell what the future will hold for transatlantic data storage. The future is in the hands of the ECJ and the US, as we await the renegotiation of a data sharing agreement. Ray Pinto at FleishmanHillard Brussels has said that the recent ECJ decision “will likely complicate the talks and lead to an increasing of the legal bar and requirements to be considered adequate safeguards.”
At the moment it may be all up in the clouds, but businesses do need to take this issue seriously. Many organisations have already started to reorder their data storage strategies to make sure that they don’t take a big risk with big data. Whatever the outcome, it seems clear that last week’s ruling will have far-reaching implications for both business and consumer cloud services for some time to come.
Stephanie Croucher, Graduate Trainee
January 21, 2021