Article

William Yates
William Yates 9 October 2015
Categories Data & Analytics

Is Safe Harbor Sunk?

Safe Harbor agreement which has helped simplify legally compliant data transfer between EU and the United States has now been ruled invalid by the European Court of Justice (ECJ).

The fifteen year old Safe Harbor agreement which has helped simplify legally compliant data transfer between EU and the United States has now been ruled invalid by the European Court of Justice (ECJ).

 

In a ruling the ECJ has stated that the Safe Harbor agreement does not in itself eliminate the need for locally-based data privacy groups to ensure US enterprises are taking appropriate measures to protect imported EU data.

Cyber-Spy Concerns

This ruling initiated when Austrian privacy campaigner Max Schrems asked the Irish Data Protection Commission to audit what material Facebook might be transferring to the US and whether this data might find itself in the hands of those in the US involved with cyber-spying.


As an ISO 9001 and ISO 27001-certified agency, we at Novacom have a good understanding of data management, with inter-EU and international data security, and from our perspective, see significant and serious implications for all EU-based companies transfering data to the US.

‘Tick-Box’ Security

For the past fifteen years, EU businesses have relied on Safe Harbor as a tick-box exercise, because those signed up in the US were expected to have in place security measures to offer a level of protection similar to those present in the EU.

It was described as a ‘streamlined and cost-effective’ way to acquire EU data – through self certification – without transgressing EU data laws. But with this protocol abandoned, other, more focused transactional procedures will come into place.

Safe Harbor: What’s Changed?

From here on, personal data can no longer be transferred to US entities on the basis these entities have Safe Harbor certification. Now, the despatching and receiving parties will need to draw up and sign a document containing ‘model contract clauses.’


This agreement will comprise effectively standard clauses which will set out an agreement between the two parties on the way exported EU data is to be processed, handled and what data security measures are required in the US.

Shock Of The New

US data privacy laws are very different to those in the EU and are generally a lot less stringent in their protective power and the breadth of legal coverage. Similarly, data security laws are also less rigorous.

What this will mean is that when working with EU partners, these US entities will need to work to levels of security way above anything they have experience of to date.


So, the implementation and agreement of ‘model contract clauses’ will unlikely be ‘streamlined and cost-effective’ as Safe Harbor was described.

The Regulatory Minefield

These new EU-US data transfer laws, combined with the upcoming 2017 roll-out of the EU General Data Protection Regulation (GDPR) mean the data management and data security environment in the EU is changing significantly.

And with the huge financial penalties proposed for GDPR infringements, ever-more careful data management will be required to avoid the shifting sands of legal transgression and the financial consequences of non-compliance.

Negotiating The Legal Maze, Safely

EU-wide, marketers have enough work-time pressure dealing with gaining and maintaining completive advantage in crowded international marketplaces.

 

Therefore, unless these marketers can partner with digital agencies with the international legal knowledge required to avoid the ever-growing – but I think necessary – data security legislation, marketers are going to need to become lawyers to survive.

 

Original Article

 

Read More On Digital Doughnut

Please login or register to add a comment.

Contribute Now!

Loving our articles? Do you have an insightful post that you want to shout about? Well, you've come to the right place! We are always looking for fresh Doughnuts to be a part of our community.

Popular Articles

See all
The Impact of New Technology on Marketing

The Impact of New Technology on Marketing

Technology has impacted every part of our lives. From household chores to business disciplines and etiquette, there's a gadget or app for it. Marketing has changed dramatically over the years, but what is the...

Alex Lysak
Alex Lysak 22 September 2020
Read more
The 3 Most Important Stages In Your Presentation

The 3 Most Important Stages In Your Presentation

If you want to deliver a presentation on a particular topic and you have to prepare yourself for it you should make sure that you go through several very important stages in order to craft a compelling, persuasive and...

Nicky Nikolaev
Nicky Nikolaev 16 February 2016
Read more
The Carrot of a Bigger Market is More Powerful Than the Stick of Legal Action in Driving Web Accessibility Investment, New Research Finds

The Carrot of a Bigger Market is More Powerful Than the Stick of Legal Action in Driving Web Accessibility Investment, New Research Finds

Getting web accessibility right is a massive commercial opportunity. The World Health Organization estimates that 1.3bn people worldwide are living with some form of impairment. The benefits of making it easier for...

Michael Nutley
Michael Nutley 30 November 2023
Read more
It’s Time For Brands to Move From Personalised, to Personal

It’s Time For Brands to Move From Personalised, to Personal

At a time when almost every brand is tailoring content and offers to individual customers based on their demographic data, purchase history, and online behaviours, are these personalisation efforts still adding value?...

Shafqat Islam
Shafqat Islam 27 November 2023
Read more
From Success to Setback: Lessons in MarTech Decision-Making

From Success to Setback: Lessons in MarTech Decision-Making

We often talk to clients about the consolidation of MarTech capabilities across vendors, to the point that it’s often not too difficult to pick up a new technology if you’re comfortable working with an alternative...

Andrew Addison
Andrew Addison 29 November 2023
Read more