Safe-Harbour supposedly means that when a European citizen’s personal data is being processed by a U.S. company on U.S. based computers, it enjoys the same protection it would on a European-owned system.
However, the European Commission is now set to issue new guidance about data transfers to the U.S. following an EU court ruling which deemed the current Safe-Harbour agreement invalid.
Examples of Safe Harbour Disputes
The court upheld a complaint by a Facebook user from Austria who argued that Safe-Harbour did not in fact give European consumers adequate protection against snooping by U.S. intelligence agencies.
The problem is that the U.S. government now treats any data on computers of U.S. owned companies anywhere in the world as fair game for audit. As a case in point, Microsoft is currently appealing a U.S. court ruling which gives the U.S. government the right to access data held in one of the company’s Irish data centres. Safe-Harbour therefore applies to U.S. companies but not to the U.S. government which has effectively brought down the whole house of cards.
An Obvious Solution?
One obvious solution is to store data on servers in Europe, owned by European companies such as nCrypted Cloud and bxp software which respectively offer secure DropBox solutions and encrypted CRM solutions.
In the longer term the problem will be the widening gap between the U.S. and Europe whose privacy laws will increasingly be at odds with the U.S.’s treatment of data, which some have characterised as high handed, and has demonstrably led to an increase in the amount of data collected, traded, and sometimes stolen.