In a decision with widespread implications for the international transfer and processing of data - and the companies that provide these services - the European Court of Justice has ruled the EU-US Safe Harbour pact invalid. Experts are warning of massive disruption to international business.What, you may be wondering, is the Safe Harbour pact?
The agreement was reached in 2000, following the introduction of the European Union Directive on the Protection of Personal Data which became effective October 1998. The Directive prohibits the transfer of data outside the EU to third party nations that don't meet the EU test of “adequacy” with regard to privacy protections. The Safe Harbour Decision enabled US organisations to “self certify” that their data protection systems met the EU adequacy test so they could lawfully transfer personal data from the EU to the US for the purposes of storage and processing.OK, so who peed in the corn flakes?
Today's decision striking down Safe Harbour came about after an Austrian law student, Maximillian Schrems, a Facebook user since 2008, lodged a complaint with the Irish Data Protection Commissioner that his personal data was being unlawfully processed by Facebook in the US. His claims were based on revelations by Edward Snowden regarding cooperation between the US National Security Administration (NSA) and companies such as Facebook to access the personal data of social media users.Well, well, well. How's that whole Eye Of Sauron thing working out for you, Fed.Gov? The implications of this are wide ranging:
Daniel Castro, vice president of the Information Technology and Innovation Foundation said: “In the wake of the Snowden disclosures, European citizens and policymakers are understandably concerned about privacy safeguards in U.S. law. But abruptly revoking the Safe Harbor agreement was the wrong way to address those concerns. It will disrupt not just the thousands of U.S. and European companies that currently depend on the Safe Harbor to do business across the Atlantic, but also the broader digital economy. Aside from taking an ax to the undersea fiber optic cables connecting Europe to the United States, it is hard to imagine a more disruptive action to transatlantic digital commerce. Policymakers in the United States and EU should work together swiftly to implement an interim agreement so that we do not shut down transatlantic digital commerce overnight.” [Emphasis by me - Borepatch]
Someone just figured out how to change things. Remember, when they say the issue is one of principle, it's all about the money. This will be massively expensive for US companies to address - basically they will have to replicate their entire infrastructure in the EU and put up firewalls between their EU and US operations. That will show up in the bottom line, and that will make their stock prices nosedive.
And that will hit Silicon Valley where it hurts.
Keep your eye on this - this is perhaps the biggest (i.e. most expensive) security news in history, and the ripples will be felt for a long, long time. Maybe even all the way to Ft. Meade.