Data privacy is a hot topic, especially now that the EU court has struck down the trans-Atlantic “Safe Harbor” pact, used by around 4,500 companies in the U.S.
Since 1995, a directive, put forth by the EU court, has forbidden the transfer of personal data to countries with inadequate privacy measures. The United States was one of those countries.
Since the year 2000, however, companies could transfer data to the U.S., provided that they took stricter measures to ensure the privacy of the data. This was referred to as the “Safe Harbor” agreement, which gave around 4,500 companies (like Google and Facebook) permission to transfer data across the Atlantic.
On Tuesday the 6th of October 2015, the EU court ruled that national regulators can now override this agreement, because it “violates the privacy rights of Europeans by exposing them to allegedly indiscriminate surveillance by the U.S. government,” according to the Wall Street Journal.
Read more about the “Safe Harbor” data-transfer pact over here.
The correct answer in complex matters like these is, “it depends.”
You might need to seek the aid of a professional privacy lawyer if any or all of these hold true for your company:
1. You’re cloud-based
If you store data about your clients, customers, website visitors, users of your apps and such, you should definitely look into how the data is distributed globally within your company. If data is transferred from the EU to forbidden countries, seek the counsel of a privacy lawyer.
2. You operate both in the U.S. and within the EU
The real secret behind the collapse of the agreement was the fact that the NSA (the National Security Agency in the U.S.) has been granted very wide access to pretty much all of the commercial data in the U.S. The EU court ruled that this puts the privacy of people within the EU at risk, and thus the agreement fell apart. If you have active operations in the U.S., this is especially relevant to you.
3. You serve an online audience
This is closely related to point #1, but not quite the same. You can store all kinds of data in the cloud without directly using it to offer products and services. However, if in addition to storing data in the cloud you serve a global audience, you need to pay close attention to this, as a portion of your audience will be within the EU.
Fortunately for companies in the Industrial Internet space, this decision does not directly affect most of them (assuming that most of the data they handle is not personal data).
So, if you handle no personal data at all (which is somewhat unlikely), you hardly need to even think about this decision.
Most IoT-based companies, though, DO handle lots of personal data. In this global era that we live in, this is mightily relevant to them.
If any of the aforementioned conditions hold true for you, here are some options.
1. Seek legal advice well in advance
If you are to transfer personal data from the EU to the U.S., you need to be able to verify that your procedures meet the EU requirements for safe data processing. This can be a lengthy and costly process, so the earlier you begin, the better.*
2. Store personal data within the EU
If you have lots of valuable personal data within the EU, why not leave it there? This could be a LOT cheaper and more streamlined than entering legal battles in the EU.
As a client of our Discovery Analytics Service, all of your data will be stored safely within the EU, meeting all the national requirements for data privacy and protection. If you would like to avoid the costly trans-Atlantic data-transfer hassle altogether, without interruptions to your business, contact us for a free consultation on safely storing your data within the EU.
*Opinions only. None of the content in this article should be considered as legal or professional advice.