Europe’s privacy offices are now empowered to do more than look the other way at compromised data transfers.
Data transfer practice at US companies have reputedly poor standards facing the rest of the globe, particularly developed countries in the EU. The plain sense of the Safe Harbor agreement was to create a protected data pipeline to and from countries across the Atlantic. Unfortunately, actions conducted by US and UK intelligence authorities really victimized Europe’s data partnerships in the vagaries, compromising the intent and integrity of Safe Harbor agreement. This is has led to an Irish based uprising to successfully invalidate a law that provided no useful protections for data transfers. The ruling will impact the way e-commerce is conducted nearly immediately.
Privacy officers are scrambling to gird themselves under Article 25, EU privacy law. The are throwing out ‘model contracts’ as life savers, now they have been dumped overboard. They are consulting each other on the would-be Safe Harbor 2.0. Some coming in the form of binding contract resolutions, deferring to the standards of third party countries (Switzerland), auditing the existing data transfer priorities in order to produce a legal, viable alternative to continue commerce and trading. Some are even still standing on the sinking ship saying, “You may still honor the Safe Harbor stand… BLUB, BLUB…*!”
There is enormous potential for good to come from an upset; that privacy counsel, Daniel Solove, attributed to “cavalier attitudes” of US governance toward EU data protections. The legal privacy vacuum opened up by the Safe Harbor invalidation can now be filled with far better standards for the human rights of computer users in Europe.
The EU has initiated an atmosphere of conditional embargo with some potential for US-EU commerce based on practice that has failed to protect consumers. Unlawful smash & grabs of non-criminal data based on US laws conducted by the Five Eyes/ECHELON group violates computer users everywhere. The EU now has an opportunity to impose standardized consumer data protections with some real teeth on countries in violation of UNHRC privacy rights. They have cause to cease business relations with any county that doesn’t honor its agreements and violates the human rights of its citizens. While no country wants to pause commercial relations for long, the standards erected now could influence the way US companies collect and distribute data in a global economy respecting privacy.
There are terrific, diverse solutions for a higher global privacy standards. Almost instantly, the Snowden Treaty became a relevant goto for trade reform standard discussions. This suggests trade relations standards would not be harmed or frozen indefinitely over government spying, if companies assume socially responsible protections that do far better than existing law and governance policy. Privacy officials can now bring their most ethical and use friendly solutions for data management to the table to reform conventional business practices that even the most lazy and apathetic corporate counsels would be forced to conform to. US businesses may see the the data protections as a legal relief to require company wide adoption of encryption for all of their consumer and company products. Socially responsible privacy practice has legal means to flourish now the Safe Harbor falsehood has fallen apart. Finally, they are free to do better.
Reports have indicated that at least 4,500 US companies will be impacted by the Safe Harbor ruling. US businesses will sustain some suffering under drafting of Safe Harbor 2.0 scaffolds, but it’s really for the best.