Skip to main content

Safe Harbor Overthrow Creates New Data Purgatory For US, EU Companies


The SIINDA conference in Prague concluded today with a panel of European publishers and lawyers discussing a range of legal and regulatory issues now facing companies operating in Europe: taxation, competition but mostly the defeat of the current Safe Harbor data transfer agreement.

On the panel were, Andriani Ferti, attorney, Clifford Chance LLP; Kostas Rossoglou, head of EU Public Policy, Yelp; Michal Feix, from Czech search engine; and Stephanie Verilhac, director SIINDA EU affairs.

They presented a picture of a legal and regulatory framework that was very much up in the air, a situation that is potentially as difficult for EU companies as it is for North Americans. And despite the PR-driven assurances by some US marketing executives, the regulatory reality in Europe is anything but clear at this moment.

EU panel on Safe Harbor

To recap, last week the European Court of Justice (CJEU) cited Snowden and NSA spying, in the Schrems case, to invalidate a long-established Safe Harbor agreement between Europe and the US that allowed the transfer and processing of data between servers in the US and Europe. The rationale was that EU citizens’ data was not protected when it traveled to the US and was subject to potential US government surveillance.

The decision also created or validated the idea of a private right of action by any individual against companies deemed to have violated privacy rights — meaning individual Europeans can now sue Google, Facebook and anyone else (e.g., Banks/credit card companies) they perceive to be violating their privacy rights under EU law. Arguably in a case where data transfer to the US, liability would be nearly automatic; however it’s unclear how damages might be calculated.

In addition, the CJEU ruling delegated power back to the 28 member EU states’ data protection authorities, which could potentially deliver inconsistent decisions. That has already started to happen with German data protection authorities recently suggesting that non-EU companies locate servers within Germany (vs. Europe). A pending overhaul of privacy regulations (GDPR) in Europe is intended to create a an updated and uniform framework for all of Europe, though the new rules have many potential problems.

In the wake of the CJEU-Schrems decision the European Commission issued a statement that Europe was interested in negotiating a new agreement with the US to ensure the free flow of information across the Atlantic, but one that was equally compliant with EU privacy laws. Here are the EU’s stated objectives and priorities in the wake of the decision:

  • the protection of personal data transferred across the Atlantic;
  • the continuation of transatlantic data flows, which are important for our economy, with adequate safeguards;
  • and the uniform application of EU law in the internal market.

The Commission suggested that there were alternative mechanisms currently available to enable data transfer to continue, such as private contracts and informed consent of individual consumers. While these mechanisms might work, there’s still a cloud of ambiguity hanging over these approaches too. Beyond this a new “safe harbor” agreement between the US and Europe might not be enough to overcome the data-transfer objections raised by the CJEU in Schrems.

EU data protection regulators from multiple countries are now promising guidance in the coming weeks on how companies should proceed in the wake of the CJEU ruling. We may be a year or more away from finalization of the new GDPR data protection framework. In the interim companies on both sides of the Atlantic need a way to operate internationally that isn’t going to subject them to a flood of privacy litigation simply because data is flowing between the US and Europe.

It remains unclear at this moment how that will happen.

via Marketing Land


Popular posts from this blog

How to Get SMS Alerts for Gmail via Twitter

How do you get SMS notifications on your mobile phone for important emails in your Gmail? Google doesn’t support text notifications for their email service but Twitter does. If we can figure out a way to connect our Twitter and Gmail accounts, the Gmail notifications can arrive as text on our mobile via Twitter. Let me explain:Twitter allows you to follow any @user via a simple SMS. They provide short codes for all countries (see list) and if you text FOLLOW to this shortcode following by the  username, any tweets from that user will arrive in your phone as text notifications. For instance, if you are in the US, you can tweet FOLLOW labnol to 40404 to get my tweets as text messages. Similarly, users in India can text FOLLOW labnol to 9248948837 to get the tweets via SMS.The short code service of Twitter can act as a Gmail SMS notifier. You create a new Twitter account, set the privacy to private and this account will send a tweet when you get a new email in Gmail. Follow this account …

Instagram Story links get 15-25% swipe-through rates for brands, publishers

Instagram may arrived late as a traffic source for brands and publishers, but it’s already showing early signs of success, driving new visitors to their sites and even outperforming its parent company, Facebook.For years brands, publishers and other have tried to push people from the Facebook-owned photo-and-video-sharing app to their sites. Outside of ads and excepting a recent test with some retailers, Instagram didn’t offer much help to companies looking to use it to drive traffic. So they had to find workarounds. They put links in their Instagram bios. They scrawled short-code URLs onto their pictures. And they typed out links in their captions.Then last month Instagram finally introduced an official alternative to these hacky workarounds: the ability for verified profiles to insert links in their Instagram Stories.Almost a month after the launch, 15% to 25% of the people who see a link in an Instagram Story are swiping on it, according to a handful of brands and publishers that h…

Five great tools to improve PPC ads

Every digital marketer wants to reach the top position on the search engine results. However, if you’ve recently launched a new website or your niche is saturated, starting with paid search ads sounds like a good idea.Strategically created PPC campaigns can drive leads, sales or sign-ups to your websites. You know what? In fact, businesses earn an average of $8 for every dollar they spend on Google Ads.Optimizing PPC campaigns is not easy, but it’s very powerful if you do it properly. Just like SEO, it is essential to conduct extensive keyword research, optimize ad copy, and design high-converting landing pages.Fortunately, there are a lot of effective PPC tools that will help you analyze your competitors’ PPC strategies, figure out tricks in their campaigns, and improve your PPC campaigns.If you are ready to take an evolutionary leap in your PPC advertising, take a look at my list of five amazing tools to save you time, give you crucial insights, and raise money for your business.Fiv…