The US-EU Safe Harbor Framework Collapsed


The recent decision made by the European Court of Justice to invalidate a major, 15 year-old data-sharing agreement sent shock waves across the Atlantic. American companies like Facebook, Google, and Twitter that have historically transmitted  information between the US and Europe may be prohibited from doing so in the future.

What is the Safe Harbor agreement?

Established in 2000, between the United States and the European Union, the Safe Harbor Framework was designed to allow the flow of data from the EU to the US. The agreement was necessary because five years earlier, the EU had adopted an adequacy standard for privacy protection. The transfer of personal data gathered within the EU for commercial purposes to locations outside the EU was also prohibited unless such locations demonstrate an “adequate” level of data protection commensurate with EU standards.

The Safe Harbor Framework allowed companies in the US to transfer European citizen’s data to America, so long as those companies had privacy protections that met the EU standards on privacy and self-certified to that effect.

Why was it ruled invalid?

In the wake of the revelations of pervasive access to digitized data by US Intelligence agencies, Australian student and activist, Max Schrems filed a complaint against Facebook. He had argued that in light of Snowden’s revelations about the NSA, the data he provided to Facebook that was transferred from the company’s Irish subsidiary to the US under the Safe Harbor scheme was not, in fact, safely harbored. Advocate General Yves Bot of the CJEU agreed with Schrems that the EU-US Safe Harbor system did not meet the requirements of the Data Protection Directive, because of NSA access to EU personal data. Schrems sent complaints to data protection agencies in three different EU countries – Ireland, Germany, and Belgium. He has asked these countries to suspend the flow of personal data from Facebook’s operations in Ireland to the Unites States.  

Schrems noted that his recent complaint is only about Facebook, and that most of the 4,000 plus US companies that lost the ability to transfer data from the EU to the US using the Safe Harbor framework aren’t directly affected. However, he did warn that other companies participating in NSA’s PRISM spying program, such as Apple, Google, Microsoft, and Yahoo, may face complaints in the very near future.

What are US companies saying?

The Internet Association, an industry body that represents the likes of Amazon, Google, and Netflix, said “companies have mechanisms in place to effectuate data transfers beyond the Safe Harbor”, but added that it is the “smaller companies and consumers” in the US and EU that could “experience significant challenges going forward”.

Uncertainty will prevail, at least for the next few months. In the long term, most analysts predict a more restrictive approach to data transfer and handling of European data. It is likely that many US companies with European customers will need to ensure that their data stays within EU borders.

How can StrataCore help?

StrataCore’s comprehensive knowledge of the data center, hosting, and cloud vendor landscapes in Europe and across the globe can facilitate a rapid deployment of infrastructure in the EU. This will enable US companies to ensure that their European customer’s information remains in the EU and alleviate privacy concerns. Click here to chat with an Advisor.

Subscribe to get the latest IT trends, news and advice, right in your inbox

Ready to take your IT infrastructure to the next level? Talk to StrataCore today.

Skip to content