The Data Safe Harbor Rule
The Safe Harbor Rule was established in 2000 between the European Union (EU) and the United States (US). This agreement allowed businesses to legally funnel information across the Atlantic. Such data is normally transferred during global commerce, email correspondence, and even social media communication. Europe has stricter privacy guidelines to protect its citizens than the US does. Under the Safe Harbor agreement, US companies could “self-certify” that they met Europe’s stricter privacy standards in order to gain access to European markets.
In early October, the European Court of Justice ruled that the US approach to domestic surveillance was not up to European standards. Basically, this happened because the court was concerned that the US would compromise the data of European citizens swept up in our country’s growing mass surveillance machine. Consequently, this ruling made the Safe Harbor pact invalid virtually overnight.
The Safe Harbor Agreement 2.0
The European Union and the Unites States will be meeting on December 17th to create a new agreement for the Safe Harbor. They plan to conclude this agreement in January of 2016. The EU would like to see some changes in the new agreement such as:
- Privacy watchdogs to challenge US companies’ handling of EU data
- European citizens should be able to complain directly to national authorities about data protection
What Does an Invalid Ruling of Safe Harbor Mean?
This affects businesses and consumers from both the European Union and United States. Over 4,000 companies rely on the Safe Harbor for their data transfers, including:
Effects on Companies:
This affects any US-based company doing online business in the EU.
Many companies that relied on the Safe Harbor “Self Certification” will now have to obtain independent certification.
In Europe, EU standards from 1995 are now being used to determine whether a company’s data sharing is permissible. As of now, the EU operates under the Data Protection Directive. This requires that companies only transfer data to countries that offer adequate privacy protection.
For More Information: With Safe Harbor now “Invalid,” Companies Must Change Data Practices
Effects on Consumers:
Consumers in the US might not notice a substantial difference. European consumers may be cut off from US companies for a time, depending on how stringent the new rules become. It may take some time before US based companies have made the necessary adjustments to do business with the EU again.
Microsoft has stated they will be storing data in a German company, Deutsche Telekom, for their European cloud computing customers. Microsoft will not be able to access the data without permission of either the customer or the company.
This solution may be too expensive for many companies. As a result, the US has started offering customers and partners the opportunity to enter into ‘data processing addendums’. However, these are only a temporary solution. Consequently, many companies are awaiting to hear what’s in the new Safe Harbor Rule.