Have your data protection responsibilities just changed?
The agreement that allowed businesses to send personal data between countries in the EU and the US has been declared void by the European Court of Justice, on the grounds that it does not protect against US surveillance.
Yesterday’s abandonment of the Safe Harbour agreement (spelled Harbor in the official pact) will directly impact the way your business is allowed to handle personal information on your clients and your colleagues.
What does this mean for your business?
If you use Cloud based services or US-Owned infrastructures like Office365 and Google Docs, any personal data from your customers or employees will have to pass through a US server. As a result, the US will have a record of this information and has the ability to access it without your knowledge or consent.
Even if the programs and services your business uses are based within the EU, the data may be backed up on a US Cloud. This means that software based in an EU area won’t necessarily coincide with data protection laws.
What was the Safe Harbour agreement?
Safe Harbour was an agreement which protected any personal data of EU citizens that passed through the US. As a result of Edward Snowden’s actions, the European Court of Justice has ruled that Safe Harbour cannot be upheld in a court of law as it cannot claim to keep data that enters the US private.
Personal data transfers between businesses within the EU and the US have not been suspended, but the EU now has the authority to investigate these transfers if it suspects that personal data is not adequately protected.
What happens next?
Some companies are amending their terms and conditions, but this does not negate the EU’s ruling. Currently businesses do not need to take any immediate action, but should wait for guidance from the EU, UK and suppliers.
All US based services are still running for EU businesses, as are those within the EU that directly or indirectly use US servers. Mitol Ltd will keep you updated on any further developments