Discrepancies Between US and European Data Protection Causes Rift
Early this month, an agreement was reached between the United States and the European Union regarding American companies handling the personal data of overseas citizens.
This agreement created a “Safe Harbor” for U.S. companies by establishing that a U.S. company could simply give its assurance that it would properly protect the data of Europeans (and would need no other form of certification).
Promises are not generally taken at face value in the world of business, especially in terms of data protection. However, this agreement was more a symptom of desperate circumstances than intense discussion.
American companies currently dominate the industry of cloud-based data storage. European companies that rely on American clouds to store European data need access to the clouds to operate.
However, the European Union has passed much stronger sanctions protecting the data of its citizens than the United States has ever bothered to create. This presents a discrepancy in data-protective expectations that merits more than the band-aid solution that the original agreement posited.
At least, that’s what the European Court of Justice believed. In light of Edward Snowden’s outing of the United States government’s collection of massive, indiscriminate amounts of personal data via snooping on cloud service providers, the European court ruled that the Safe Harbor protections were not acceptable.
The court believed that there was a real threat that the United States government would ignore the Safe Harbor sanctions meant to protect the data of European citizens. The court also cited the fact that neither European individuals nor European privacy authorities had any real way to punish U.S. government agencies for snooping were they to decide to disregard the Safe Harbor agreement.
Accordingly, it declared the agreement invalid.
This came as a shock for many European and American tech companies. The agreement was invalidated without the implication of any grace period, so a lot of company leaders are being forced to choose between shutting down their companies or risking potential liability.
HyTrust Senior Vice President Fred Kost is skeptical about the decision:
“If companies want to completely comply, it likely means that they must examine what data they have from nations in the EU and begin moving the data to infrastructure housed in those nations or demonstrate that it is inaccessible if stored on infrastructure outside those nations via encryption or access controls,” Kost claimed. “The risk to companies lies in how quickly enforcement or legal action is taken.”
Berin Szoka of TechFreedom explained the matter further:
“The decision allows European regulators to start building a Great Privacy Wall around Europe to stop data from flowing to the U.S. — not because Facebook or any U.S. company did anything wrong, but because U.S. national security and law enforcement agencies can too easily access private data.”
Many see the White House as the source of the problem, and hopefully the source of the solution.
“If Congress had moved faster to pass privacy reforms after the Snowden leaks, this decision might have been avoided,” Szoka argued.