Back in Summer 2014, I warned readers of DataIQ that the existing mechanism for data transfers between the European Union and the United States was barely fit for purpose. No less a warrior for individual privacy rights than Viviane Reding, architect of the forthcoming Data Protection Regulations, had said that, “we kicked the tyres [of Safe Harbour] and saw that repairs are needed.”
Before US regulators could haul the framework down to the garage, the Austrian law graduate Max Schrems took action of his own by suing Facebook. The social network relied on Safe Harbour agreements to ship data on European users across to its US base.
His victory at the European Court of Justice means this vehicle for moving personal information around is no longer roadworthy. The immediate impact is to make such EU-US data transfers unsafe, whether they are happening within an organisation’s own technical environment, through outsourced service providers or, especially, via cloud-based services.
If your company has a geographical footprint outside of the EU and relies on personal data for business-critical processes, here’s what you need to do:
It’s not often that headlines about a court case have a direct effect on how companies need to handle personal information. But if you thought the Google “Right to be Forgotten” case set an important precedent, this verdict on Facebook’s data transfers could have even bigger implications.
Thank you for your input
Thank you for your feedback
DataIQ is a trading name of IQ Data Group Limited
10 York Road, London, SE1 7ND
Phone: +44 020 3821 5665
Registered in England: 9900834
Copyright © IQ Data Group Limited 2024