As Helen Dixon, Ireland’s Data Protection Commissioner, pointed out in a statement issued by her Office, the issues dealt with in the decision by the Court of Justice of the European Union (ECJ) to invalidate the “Safe Harbour” system, under which companies transfer customer data from Europe to the United States, are “complex.” She elaborated, saying that the issues “will require careful consideration” and “what is immediately clear is that the Court has reiterated the fundamental importance attaching to the right of individuals to the protection of their personal data. That is very much to be welcomed.”
For the uninitiated, Safe Harbour is the name of a policy agreement established between the United States Department of Commerce and the European Union in November 2000 that regulated the way that U.S. companies export and handle the personal data of European citizens, enabling American technology companies to compile data generated by their European clients in web searches, social media posts and other activities online.
At issue is the personal data that people create when they post something on Facebook or other social media, when they conduct searches on Google, or when they order products or buy movies from Amazon or Apple. Such data is invaluable to companies, which use the information for a broad range of commercial purposes, including tailoring advertisements to individuals and promoting products or services based on users’ online activities.
Safe Harbour, regarding data transfer, does not apply solely to tech companies or online retail, however. It also affects any organization with international operations, such as when a company has employees in more than one country and needs to transfer payroll information, or allow workers to manage their employee health benefits online.
So how did we get from data concerning your preference for wool socks over cotton or your interest in purchasing season four of “Game of Thrones” to controversial issues concerning Europeans’ privacy rights and U.S. national security interests?
The ruling by the ECJ found that the Safe Harbour agreement is flawed because it allowed American government authorities to gain access to Europeans’ online information. The court said leaks from Edward J. Snowden, the former contractor for the National Security Agency (NSA), made it clear that American intelligence agencies had access to the data, infringing on Europeans’ rights to privacy.
The issue came to head when Max Schrems, a 27-year-old graduate student living in Austria, argued that Europeans’ online data was misused by Facebook because it cooperated with the NSA’s Prism program. Prism, in part, involved the U.S. Federal government’s collection of information on Europeans, gathered from the world’s largest Internet companies, in search of national security threats. An interesting side note is that Schrems originally filed his complaint with the Irish Data Protection Commissioner, since it is the privacy regulator for Facebook outside the U.S. because the Company’s European headquarters are located in Dublin. He eventually took his case to the Irish High Court, which referred it to the ECJ in July of last year. Following the ECJ judgment, the Irish court is expected to rule that the Irish Data Protection Commissioner must investigate his complaint properly and decide whether to suspend such data transfers.
As many large American tech companies have set up their overseas headquarters here, attracted to our low corporate tax rate and other critical criteria promoted by Host in Ireland, including affordable power, redundant network and bandwidth capacity, as well as our vast, educated talent pool, the Irish government has been supportive of Safe Harbour.
As Helen Dixon begins discussions with her data protection counterparts in other European Union member countries to best determine how the ECJ’s judgment can be “implemented in practice, quickly and effectively” as it impacts European to U.S. data transfers, Host in Ireland is confident that procedures can be established that continue to support the thriving digital economy, respects individuals’ right to privacy, and ensures the safety and protection of our global community, both home and abroad.
To learn more about data protection and how it relates to Ireland, attend our free event “From Finance to Pharma, Why Companies Big & Small Host in Ireland” on November 10 at the RDS. Please follow the link to register: http://hostinireland.com/registration-page/