Why There’s No “Safe Harbour” When It Comes To European Data

Why There’s No “Safe Harbour” When It Comes To European Data

Update: As anticipated, the European Court of Justice has ruled that the Safe Harbour framework is no longer valid. It's time to start making alternative plans for the handling and transfer of all data relating to EU citizens


Recent news relating to the ongoing legal issues around "Safe Harbour" and EU data laws remind us that this issue is far from resolved - and that a resolution in favour of the status quo is becoming increasingly unlikely.

To recap (and simplify): the EU insists that all data relating to EU citizens is stored in the EU - where it is automatically required to comply with European privacy laws. The exception, which is the so-called "safe harbour" law, is that data may be transferred out of the EU in cases where it is handled and stored in compliance with those same laws - according to the self-certification of those handling it.

That arrangement has come under some pressure recently, not least due to the case taken by Max Schrems which agues that data held in the US does not meet the terms of 'Safe Harbour'. That case was recently bolstered by the ruling of the Advocate General and adviser to the European Court of Justice that current Safe Harbour arrangements are 'invalid', something that in turn means the case is likely to succeed.

What Does It Mean?

So far, so much legalese. Does this matter to mobile businesses? Well, we've written about the subject before, and the answer remains a resounding YES. Here's the bottom line: if you handle data relating to EU citizens, it is time to start making plans to ensure that data remains solely within the EU. As the former applies to almost every business out there, it should be apparent that across the board mobile businesses will need to start thinking seriously about this issue.

There is of course still some uncertainty around the final outcome, but right now it would be foolish in the extreme to consider carrying on with 'business as usual'. It's time to ask anyone who handles your mobile data exactly what they plan to do with it.