In a recent ruling, the European Court of Justice struck down Safe Harbor, which dictated the rules for transatlantic data flow between the United States and the European Union. The invalidation of Safe Harbor carries significant consequence for American e-commerce firms who operate in Europe. Companies like Google and Facebook—as well as the U.S. administration—now must make high-profile decisions in response to the ruling.
Europe has broad legislation protecting the personal information of E.U. citizens from being exploited by businesses. The U.S., in contrast, only codifies privacy against government institutions and for certain high-sensitivity data (e.g. health records, etc.) Safe Harbor’s “principles” are more flexible extensions of the E.U.’s privacy laws; violations of Safe Harbor could result in sanctions from a self-regulatory organization or the Federal trade Commission.
When Europe’s highest court invalidated the agreement, it was under the premise that European citizens were being manipulated by U.S. tech companies as well as by the U.S. government. The ruling was a reflection of a recent decision made by an Irish court on Safe Harbor’s illegality. Any new agreement drafted will have to contain more stringent privacy rules, and will therefore create more limitations for U.S. firms.
Facebook and Google’s immediate options include continuing business practices in a time of legal uncertainty, shutting down their European operations (resulting in major loss), or changing the business model to include more data collection centers in Europe. The last alternative would require companies to keep European and American data completely separate, with the consequence of economic inefficiency.
Article via The Washington Post, 6 October 2015