Subscribe
Modern field guide to security and privacy

Opinion: Why the global tech industry needs Safe Harbor 2.0

The demise of Safe Harbor may be a victory for privacy advocates but it leaves global tech companies in the lurch. A new version of the deal is needed so that companies can get back to work while improving privacy protections for users around the world. 

 

  • close
    A Facebook logo is seen in front of the logo of the European Union. An Austrian privacy activist's case against Facebook eventually led to this week's ruling that invalidated the transatlantic data transfer agreement known as Safe Harbor.
    Dado Ruvic/Reuters/Illustration
    View Caption
  • About video ads
    View Caption
of

With the highest court in the European Union striking down the transatlantic pact that allowed thousands of organizations to transfer Europeans’ data to the US, the global tech industry is in something of a quandary.

Now European regulators can override the 15-year-old Safe Harbor pact because it exposes Europeans to indiscriminate surveillance by the US government and therefore violated their privacy rights. This has left companies and privacy lawyers scrambling to preserve businesses’ abilities to transfer Europeans’ data to the US before regulators issue fines or orders to suspend the flow of data.

Many consider the court's decision a victory for privacy advocates. But it's also a regulatory nightmare for US corporations – especially those that operate data centers and other services where the information is transferred outside the EU. Tech companies will need to rethink and potentially restructure their approach to data management. And doing that won't come cheap.

Recommended: What the EU Safe Harbor ruling means for data privacy

In the global tech market, there's no way to get around data privacy laws and regulations. The Safe Harbor decision is actually in line with the EU data regulations set to be ratified next year. So the EU is actually consistent in its application and interpretation of citizens' rights when it comes to free flow and protection of their information.

But in the wake of the court's decision, do we need a Safe Harbor 2.0? Obviously there needs to be something put in place – and it needs to be taken care of soon. You can’t just wipe out 15 years of Safe Harbor and expect businesses to operate as usual.

Tech companies must either comply with data privacy laws and regulations or face stiff penalties. And when it comes to jurisdictions, no two are alike in their regulations, privacy legislation, fraud and breach prevention. Regulations vary and have not been standardized when it comes to protecting data. Traditional information protection methods may be difficult to apply or useless when it comes to storing or harnessing data in the cloud.

Organizations of all sizes will have to better control their data, and be more prepared for what lies ahead. Unless you are continuously monitoring the rules, and put mechanisms in place to do so, you might not only be compromising your data but also your corporate responsibility.

This court's decision on Safe Harbor highlights just how fast regulations are changing. The 2015 Thomson Reuters Cost of Compliance report found that "more than a third of firms spend at least a whole day every week tracking and analyzing regulatory change. Global regulatory change is creating the biggest challenge due to inconsistency, overlap and short time frames."

Safe Harbor may not have been perfect, but removing it without a roadmap for the thousands of companies that are part of the agreement may appear reckless to say the least. Safe Harbor was better than no agreement at all. 

But with its demise, the onus is on businesses to establish themselves as trusted guardians of data. If they succeed, they'll benefit commercially. Still, they'll need guidance to ensure they can comply with Europe's toughening stance on data privacy – and for that, let's start working Safe Harbor 2.0 now.

Steve Durbin is managing director of the Information Security Forum. Follow him on Twitter @stevedurbin.

About these ads
Sponsored Content by LockerDome
 

We want to hear, did we miss an angle we should have covered? Should we come back to this topic? Or just give us a rating for this story. We want to hear from you.

Loading...

Loading...

Loading...

Save for later

Save
Cancel

Saved ( of items)

This item has been saved to read later from any device.
Access saved items through your user name at the top of the page.

View Saved Items

OK

Failed to save

You reached the limit of 20 saved items.
Please visit following link to manage you saved items.

View Saved Items

OK

Failed to save

You have already saved this item.

View Saved Items

OK