THE case of the “whistleblower” Edward Snowden looks set to have far-reaching consequences that could hit the operations of global corporate giants like Facebook and Google and any other company that transfers data outside the European Union.
The EU has the strictest data protection laws in the world and they forbid digital information transfer to countries that do not meet the “adequacy” standards. Very few countries do meet the EU standards, including, perhaps surprisingly, the United States.
Multi-nationals like Google and Facebook have been using a framework called Safe Harbor as a mechanism for facilitating and safeguarding trans-Atlantic data sharing.
However, the European Commissioner for this digital data, Viviane Reding, has recently expressed concern about Safe Harbor, stating that it “might not be so safe after all”. She also added that it “could be a loophole”.
Safe Harbor is supervised by the US Federal Trade Commission and American companies self certify that they meet certain privacy requirements set out in the framework.
This alleviates the need for obtaining individual consent and establishing complex rules for cross-border data transfers.
The comments from Ms Reding suggest that Safe Harbor could be about to hit the rocks. Her office is reviewing the framework and will publish its recommendations later this year.
Combined with proposed new tighter EU data protection regulations, this would mean the end of a provision that the likes of Facebook and Google have relied on for years.
President Obama and others continue to say that eliminating or eroding Safe Harbor could compromise the internet economy, which suggest that the US is unlikely to bring its data protections laws into line with the EU.
They seem to be ignoring the fact that Snowden’s revelations have seriously undermined these arguments.
The fallout within the EU will almost certainly mean stricter controls and more and bigger fines for breaches.
• Val Surgenor is a partner in Intellectual Property and IT with the law firm MacRoberts.