How will ending Safe Harbour affect your data?
13 October 2015
- Safe Harbour agreement ruled invalid
- The judgment will affect more than 5,000 companies
- Ruling can only be a good thing for data protection
- A new era of digital data providers could be ushered in
Professor Mark Skilton believes the demise of the Safe Harbour agreement could prompt a new era of digital data providers that are honest and open with how they use consumers’ data.
The Safe Harbour agreement has been in place for the last 15 years as a way for US firms, including tech giants like Facebook, to self-certify they are carrying out adequate privacy protections. This is because the EU forbids personal data from being transferred out of the EU to the US unless such adequate protection is in place.
In that time it has helped tech firms and other companies send data from the EU to be stored in data centres in the US.
However with the European Court of Justice now ruling the agreement invalid, more than 5,000 companies who utilise it may be rushing for an alternative.
Professor Skilton said: "The gap between US and European legislation on privacy is at breaking point; the Snowden revelations compounded by the fundamental differences in privacy rights of citizens, has been severely tested by government and commercial practices out of touch with countries’ economic needs.
“It may be no bad thing in the long run as the issue of ‘free’ data use and personal ownership seem to have been lost in the dash for a ‘digital markets territory land grab'.”
What was the Safe Harbour agreement?
The Safe Harbour agreement was brought in to allow US firms to move data from the EU to the US – something usually forbidden by EU privacy law.
It was struck by the European Commission and US Government to protect EU citizens’ data should it be transferred back to the US.
This was because the US does not have one single federal law regulating data storage: its constitution does offer some protection to US citizen data, but no sure assurances for foreign citizens.
Why has Safe Harbour now been ruled invalid?
The Safe Harbour agreement was ruled invalid following a two-year case involving Austrian privacy campaigner Max Schrems who argued in numerous complaints against Facebook it did not adequately protect consumers.
This came following the Edward Snowden revelations about the US government’s Prism surveillance program that allowed it to collect data from Facebook and other such big tech firms.
What does the Safe Harbour ruling mean for US firms?
Going forward the nullification of this agreement means that movement of data from the EU may become litigious if EU consumers and partners have grounds to believe their consent for data storage and usage has not been agreed.
Companies will be able to transfer data if they have free and informed consent of users.
US providers such as Salesforce, Microsoft and Google have responded by adding to their terms and conditions to enable data to continue to be moved to the US with legal instruments such as ‘model contract clauses’ to authorise the transfer of data outside of Europe.
A number of companies are also establishing EU-based data centres to handle data for EU citizens, in effect avoiding the need for model contract clauses.
Balancing the rights
"Concern over consumer needs seem to have been put to one side by companies seeking to build their markets and also tempted by the influx of data on buyer habits,” said Professor Skilton, who is author of Building The Digital Enterprise and Building Digital Ecosystem Architectures.
“This in turn has been a gold mine for intelligence agencies and hackers alike, leaving the consumer protection laws in tatters, something that customers are now only just waking up to.
"There certainly needs to be regulations that balance consumer rights against the large internet companies' business need to use people’s personal data to provide a better service.
“If the EU put conditions on how cloud companies used personal data then it may help redefine what is personal property in the digital world and help to finally answer the question as to whose data is it anyway?
“Let’s finally be clear on commercial rights for both consumers and internet companies in the digital world.”
Many consumers don't know how their personal data is being used by internet services and Professor Skilton hopes the ending of the Safe Harbour agreement will lead to a new of transparency from companies on how they use customer's information.
Professor Skilton said: "The digital economy is growing at 20 to 30 per cent in many sectors and this growth will not be damaged by these changes. Even if there are stricter controls on data, the benefits of searching and online markets are obvious and are driving huge economic growth.
"But consumer rights and personal data need more protection. Just because our personal data is hidden and ’taken care of’ by a provider does not automatically transfer rights to them to use that data, surely?
"I hope the EU preserves the power of the digital world, but also encourages better visibility and a new era of digital data providers that deliver the choice for consumers on how their data is used.
"With 10 to 20 per cent of personal daily activity now digitally tracked across mobile devices and a possible further 20 to 30 per cent of daily work and social activities being tracked by general monitoring and surveillance, this means potentially 50 per cent of personal data being ‘out there’ and used by companies freely and probably unknown to the customer.
"The 'digital economy' has many conveniences but at what price?”
Mark Skilton teaches Introduction to Consulting and Developing Consulting Expertise on the MSc Business suite of Postgraduate courses. He also teaches Information Systems Consultancy on the MSc Information Systems Management & Innovation.