The European Court of Justice has struck down the Safe Harbor agreement that allows organisations to transfer data from the EU to the USA, a ruling that follows the US authorities’ mass surveillance activities of European citizens, leaked by Edward Snowden back in 2013.
Established in November 2000, Safe Harbor is a policy agreement between the United States Department of Commerce and the European Union, which regulates the way US companies transfer and handle the personal data of European individuals. Simply put, it allows American companies to transfer personal data from Europe to the USA easily, without breeching European law.
What does this mean for US companies?
While the collapse of this transatlantic pact is a victory to European privacy advocates, the decision to make the safe harbour agreement invalid has huge implications on US companies, particularly in the technology, telecoms and cloud space.
With as many as 4,500 companies relying on this transatlantic transfer of personal data, the ruling means that these companies potentially have to restructure how they manage, store and use their data in Europe, a task that will require a lot of time and money. With marketing generating much of this data, it’s a worrying time for marketers who work with American companies.
Fortunately there is no need to panic: at least not yet! The Article 29 Working Party, Europe’s independent advisory body on data protection, has given the US government and European Commission until January to negotiate new safe harbour agreements. If these negotiations aren’t successful, Silicon Valley could see some serious legal battles.
Since negotiators have failed to reach a new deal despite two years of discussions, these new time constraints place them under increased pressure. The threat is very real as European privacy regulators could begin issuing fines and banning overseas data transfers in the New Year, if a new agreement has not been reached.