Data Transfer Between the E.U. and the U.S. at Risk Based on Ruling Today
By Alex Modelski
The European Union’s highest court on Tuesday struck down the “Safe Harbor” trans-Atlantic pact used by thousands of companies to transfer digital data between the European Union and the United States. For the past 15 years, over 4,500 companies have been allowed to store personal data about Europeans on servers here in the U.S. under the Safe Harbor agreement. Companies with international operations such as Apple Inc., Google, and Facebook, as well as small and medium-size enterprises, are affected by this controversial ruling. This case was initiated from a complaint filed by Austrian privacy activist Max Schrems with allegations regarding Facebook’s compliance with EU data-privacy rules. Mr. Schrems argued that allegations by former U.S. National Security Agency contractor Edward Snowden demonstrated that Facebook was not sufficiently protecting users’ data as it is subject to mass, indiscriminate surveillance by the U.S. government.
The new ruling also affects companies that provide cloud services and store large amounts of data on behalf of European companies. Trade groups worry that this ruling would hit small businesses who don’t have the legal resources necessary to adopt other data-transfer methods, whereas larger companies such as Facebook, Inc. and Microsoft may have backup legal mechanisms to avoid clashes with regulators.
Also affected, are businesses involved in billions of dollars in online advertising. People create personal data when they do a web search on Google, post something on Facebook, or order products from Amazon. Companies then use this data to tailor advertisements to users who may have an interest in similar products or services. This type of data is of great value and importance to these companies. The ruling also affects non-technology companies in the U.S. who store human resources information about European employees.
The decision certainly creates new legal risks for U.S. companies who have personal-data transfers but does not order an immediate end to such data transfers. It does, however, provide that national regulators may investigate such transfers to determine if they comply with EU law and suspend them if sufficient protections are not implemented. In response, U.S. commerce secretary Penny Pritzker is prepared to work with the European Commission to finalize a new Safe Harbor agreement as soon as possible.
One possible solution for companies is to obtain servers based in the EU to store personal data needed for a company’s operations. For further information or questions regarding the implications of this new ruling please contact Alex Modelski.
Alerts are published by Karr Tuttle Campbell to present information on legal matters which may be deserving of clients’ immediate attention. The information contained in this Alert should not be regarded as legal advice or opinion.