Attendees at the Smart Industry 2015 panel discussion on worldwide data privacy were alerted to some disturbing news during the panel on Wednesday, October 7. Panelists informed the group that Europe’s top court had ruled the previous day that the 15-year-old Safe Harbor agreement allowing American companies to handle Europeans’ data had been made invalid.
“A good example of the growing extraterritorial reach of government happened yesterday,” said panelist, Adam Schlosser, Director, Center for Global Regulatory Cooperation, U.S. Chamber of Commerce. “This was a method by which companies that did business with Europe could transfer data legally back to the United States.” This legal mechanism is now gone.
The European Court of Justice is essentially the equivalent of the U.S. Supreme Court and so no appeal is possible.
From a U.S. Chamber of Commerce blog: “Businesses on both sides of the Atlantic are seriously concerned about the implications of today’s ruling,” said Myron Brilliant, Chamber vice president and head of International Affairs. “More than 4,400 European and American companies of every size have relied on this agreement to be able to move data seamlessly across the transatlantic economy while providing a high standard of protection for consumers.”
The thing to remember about this ruIing is that you need to pay attention to many different aspects of your data in order to stay within international legal boundaries. “It’s not just where you’re located,” Schlosser explained, “but it’s also where your partners are located, it’s where the data subjects and facilities are located that really impact the rules you have to follow.”
U.S. Chamber of Commerce blog: “Business Left Bracing After European Safe Harbor Ruling”
USA Today news story: “Europe’s top court rejects ‘Safe Harbor’ ruling”