The 4,000+ U.S. entities that relied on the Safe Harbor framework, ratified in 2000 between EU member states and the United States, are still awaiting direction from the Court of Justice of the European Union (CJEU) about how to proceed with transferring data that contains personally identifiable information (PII) about EU citizens.
The CJEU’s recent invalidation of the Safe Harbor framework has not only raised questions from businesses, but it has also “undermine[d] the underpinning of nearly all digital commerce between these two economic zones,” according to recent articles.
This article posits that several factors played into the CJEU decision. These include the evolution of the Internet and its ubiquity as well as the collection, storage and analysis of data collected through the “Internet of Things” and the devices that track everything from fitness regimens to mobile banking to whether one’s refrigerator is stocked with milk. The amount of PII being collected is staggering, and companies, governments and even hackers can monitor every move we make.
“Just as the U.S. oil embargo against Japan ensured that Pearl Harbor had to occur, the revelations by Edward Snowden of the monitoring of persons globally by the National Security Agency (NSA) ensured that the EU would have to take this action; it was only a matter of time,” according to Legaltech News.
Read the entire article here.
In a DLA Piper Privacy Matters blog post and subsequent webinar, the company’s data privacy professionals shared their thoughts on the impact of the Safe Harbor ruling. As they point out, it will take time to understand all of the implications of the decision, but its immediate impact is that it will stop the free flow of data transfer that thousands of companies relied on to support operations and “outsourced services involving a US cloud or software-as-a-service (SaaS) provider.” DLA Piper experts say that in the mid-term, they expect to see even greater uncertainty around data transfer from the EU to the United States, as the 28 national supervisory authorities each make decisions about it.
The Edward Snowden revelations in 2013 activated intense negotiations between the EU Commission and U.S. authorities “to reach a joint solution for the public concern and distrust generated by the revelations based on leaked documents from Edward Snowden . . . (which confirmed that US authorities can have access on a mass basis to personal data of individuals living in the EU).”
Despite being close to the end of this negotiating period, the CJEU’s Safe Harbor decision has abruptly halted the “momentum to reach a safe solution and risks a swift return to square one.”
To learn more about eDiscovery and how to navigate the changing technology environment, follow us on Twitter.