(Ferenstein Wire)—The technology industry is scrambling to understand how it will continue business in Europe, after the continent’s high court struck down a privacy agreement that protected U.S.-based companies operating abroad, known as Safe Harbor. Under the comforting umbrella of Safe Harbor, U.S. tech companies were free to send sensitive personal data over the Atlantic, so long as they abided by certain privacy measures.
The Court of Justice of the European Union (CJEU) struck down the agreement, which had been in place since 2000, in part due to fears of U.S. mass surveillance. “This is the reaction from the Europeans over the Edward Snowden leaks,” says Berin Szoka, president of the policy group TechFreedom, to the Ferenstein Wire. Since mass spying was revealed, much of the world has leveled heavy criticism and threats against the U.S. Up until Tuesday, the legal threats were often theoretical.
The recent court ruling, according to Szoka, is the big policy backlash. Tech companies are scrambling for an answer because the impacts aren’t known quite yet. The rendering made the protections immediately invalid, permitting the EU’s many regional data protection authority organizations free to bring suit, should they find a tech company’s privacy protection policies inadequate.
So, what happens now? “A company in Europe may run afoul of these rules if it uses a U.S. service provider that it sends data to, such as for email marketing. Or it might run afoul of these rules if it sends data to a U.S. subsidiary,” explains Daniel Castro of the Information Technology & Innovation Foundation.
Many legal experts don’t quite know what the decision could encompass. It could be that a company will have to development different policies for American and European users, like Twitter has already done. But, that may not be enough. The entire Internet industry is build on communication between users. For example, say a European Google user opens up a Gmail account in Germany but travels to the U.S. His email and personal communications could be visible to NSA spying, which might violate one of Europe’s authorities’ sense of fairness.
At the moment, options may be limited. For big tech companies, it’s less of an immediate issue, because they can afford to house data centers within Europe, (potentially) outside of the NSA’s surveillance capabilities. For smaller companies, it’s less certain.
“If they haven’t launched in Europe yet, I might tell them to wait,” cautions Szoka. The ITIF agrees, “To completely reduce risk of facing an enforcement action, they would have to stop all of these activities. Or they could limit their activities so that data does not leave Europe.” It’s hard to overstate how damaging that could be to intercontinental business.
Noted civil liberties group the Electronic Frontier Foundation is leveraging the craziness to campaign for NSA reform. “US companies should be campaigning to get the NSA surveillance laws fixed,” says the EFF’s Danny O’Brien.
In business, there’s few things worse than legal uncertainty. This alone could pressure the kind of reform that has seemed impossible.
*For more stories like this, subscribe to the Ferenstein Wire newsletter here.