Any port in a storm? EU data privacy in a post Safe Harbour world

Pamela Weaver

In Part One of a two-part post, we take a look at how we arrived at the current position and what it means. Part Two will explain why storing data in Ireland is good for privacy, regardless of where your company is based.

In October last year, the European Court of Justice (CJEU) ruled that the ‘Safe Harbour’ data transfer agreement between America and the EU was invalid. For 15 years, Safe Harbour had allowed American companies to transfer EU citizens’ data across the Atlantic, effectively sidestepping rules governing data transfers outside the EU. In the aftermath of the Edward Snowden revelations and the debate around the NSA’s surveillance of ordinary citizens’ online communications, the CJEU decided this wasn’t good enough anymore.

Since the ruling, EU and US authorities have been trying to hammer out a new deal. Critics argue that the current framework, called ‘Privacy Shield’, won’t stand up to the inevitable challenges to it.

Deal or no deal?

In the meantime, the UK and US recently began work on a deal that would enable the exchange of citizens’ data at the request of law enforcement agencies – if finalised, it would allow authorities in both jurisdictions to go directly to US- or UK-based firms with data release orders.

The much-anticipated EU General Data Protection Regulation (GDPR), due to become law this year, is geared towards uniformity, making it difficult to read exactly how this solo run from the UK will pan out. A key component of the GDPR will be the formation of an officially sanctioned, independent advisory body made up of each member state’s data protection authority (DPA) to decide on how the regulation should be applied – which may or may not be harmonious.

Sure to be sure

At the heart of the CJEU’s decision on Safe Harbour was the view that the levels of data protection and privacy afforded to people in the US aren’t up to EU standards. While the US will argue that’s unfair – and recent changes promise to give EU data subjects better protection than in the past – there’s a genuinely simple way you can ensure that EU data is treated with EU-standard protections: keep the data in Europe.

Better still, keep it in Ireland, where you not only enjoy all the protections afforded by the EU regulations, but also the full support of a legal system that absolutely recognises those rights. After all, the ruling that ultimately led to the Safe Harbour decision began in Dublin’s High Court, which first registered concerns about the potential indiscriminate collection of personal information by US authorities in 2014 – and referred those concerns to the CJEU.

Read Part Two of this post to get the full picture.
