
Safe Harbor Overthrow Creates New Data Purgatory For US, EU Companies


The SIINDA conference in Prague concluded today with a panel of European publishers and lawyers discussing a range of legal and regulatory issues now facing companies operating in Europe: taxation, competition but mostly the defeat of the current Safe Harbor data transfer agreement.

On the panel were Andriani Ferti, attorney, Clifford Chance LLP; Kostas Rossoglou, head of EU Public Policy, Yelp; Michal Feix, from Czech search engine; and Stephanie Verilhac, director SIINDA EU affairs.

They presented a picture of a legal and regulatory framework that was very much up in the air, a situation that is potentially as difficult for EU companies as it is for North Americans. And despite the PR-driven assurances by some US marketing executives, the regulatory reality in Europe is anything but clear at this moment.

EU panel on Safe Harbor

To recap, last week the European Court of Justice (CJEU) cited Snowden and NSA spying, in the Schrems case, to invalidate a long-established Safe Harbor agreement between Europe and the US that allowed the transfer and processing of data between servers in the US and Europe. The rationale was that EU citizens’ data was not protected when it traveled to the US and was subject to potential US government surveillance.

The decision also created or validated the idea of a private right of action by any individual against companies deemed to have violated privacy rights, meaning individual Europeans can now sue Google, Facebook and anyone else (e.g., banks or credit card companies) they perceive to be violating their privacy rights under EU law. Arguably, in a case involving data transfer to the US, liability would be nearly automatic; however, it’s unclear how damages might be calculated.

In addition, the CJEU ruling delegated power back to the data protection authorities of the 28 EU member states, which could potentially deliver inconsistent decisions. That has already started to happen, with German data protection authorities recently suggesting that non-EU companies locate servers within Germany (vs. Europe). A pending overhaul of privacy regulations (GDPR) in Europe is intended to create an updated and uniform framework for all of Europe, though the new rules have many potential problems.

In the wake of the CJEU-Schrems decision the European Commission issued a statement that Europe was interested in negotiating a new agreement with the US to ensure the free flow of information across the Atlantic, but one that was equally compliant with EU privacy laws. Here are the EU’s stated objectives and priorities in the wake of the decision:

  • the protection of personal data transferred across the Atlantic;
  • the continuation of transatlantic data flows, which are important for our economy, with adequate safeguards;
  • and the uniform application of EU law in the internal market.

The Commission suggested that there were alternative mechanisms currently available to enable data transfer to continue, such as private contracts and informed consent of individual consumers. While these mechanisms might work, there’s still a cloud of ambiguity hanging over these approaches too. Beyond this, a new “safe harbor” agreement between the US and Europe might not be enough to overcome the data-transfer objections raised by the CJEU in Schrems.

EU data protection regulators from multiple countries are now promising guidance in the coming weeks on how companies should proceed in the wake of the CJEU ruling. We may be a year or more away from finalization of the new GDPR data protection framework. In the interim, companies on both sides of the Atlantic need a way to operate internationally that isn’t going to subject them to a flood of privacy litigation simply because data is flowing between the US and Europe.

It remains unclear at this moment how that will happen.

via Marketing Land

