Last 6th of October, the ECJ (European Court of Justice) invalidated the “Safe Harbor” agreement, corner stone of the personal data transmission between European Union and United States.
But what are the consequences of such a decision for us, daily users of Google and Facebook ?
Safe Harbor’s limitations
The Safe Harbor Agreement was settled in 2000 in order to protect the private life of all European users using American companies’ online services. During this process, users had to provide personal data without any insurance that this data won’t be used to a different end than it is supposed to be. The agreement was the warranty of the data protection.
But It has shown its limitations especially in 2013 with Edward Snowden’s disclosure about the NSA mass monitoring programs and also several complaints against Facebook. European citizens data weren’t actually well protected.
These first warnings led to this judgment of the European Court of Justice. But what does it really mean? Will Facebook be really affected by this decision?
An ocean of agreements and clauses
It actually doesn’t change anything for big companies. They don’t even need to store all the European data collected in Europe. But they can’t use and hide themselves behind this agreement anymore if they meet issues the legality of data flows between Europe and United States.
But Safe Harbor isn’t the only agreement and Facebook ensures to not only use this one but also others methods recommended by the EU in order to legally transfer data. It is common for such big companies to go through other types of contracts like internal firms’ contracts or contractual clauses that, often, are more complete than Safe Harbor.
The need to revise this agreement
The potential issue of this decision is precisely the development of this kind of contracts between companies and European countries with the risk of losing the global frame inspired by Safe Harbor.
To avoid this, the agreement will be renegotiated. It actually was renegotiated even before the ECJ decision. But as every such big decision, it will take a lot of time before a definitive new agreement is approved. Especially in a world where data is circulating fast and where it is nearly impossible to ensure that it won’t be lost at some point.
It would mean a total change in the American law that is, by the way, not likely to happen. And even if it would happen; we should have to wait until the next nullification coming from the ECJ.
Who’s the main looser with this nullification?
Safe Harbor doesn’t only involve big companies but smaller companies as well (4000 companies were subjected to this agreement). These smaller firms are now in what we could call a legal vacuum until the next decision regarding this judgment. All the web players are now pressuring the European Commission and the US Government to reach a new agreement as soon as possible.
More than just a decision against big Americans firms, the agreement is a strong mean to protest and report NSA mass monitoring going totally against European law principles.
For its part, the US government was disappointed after this decision, reporting the uncertainty of transatlantic digital economy booming. It doesn’t involve firms anymore but it is a matter between governments in which Facebook does not want to take part.
The next steps are to follow with a lot of vigilance for smaller companies. On the contrary of bigger companies such as Facebook, it will be more difficult and will require investments for them to find a way to store data abroad. Facebook already plans the worst investing in data storage servers in Europe with its Irish subsidiary.
With the rise of Cloud Computing, we can wonder how this data will be regulated to fit the new protection requirements…