New Safe Harbor Worries Over Data Privacy Could Push Business to Cloud
October 6 was quite an interesting day for consumer privacy. After 15 years in place, the Safe Harbor agreement was declared invalid by Europe’s highest court, the Court of Justice of the European Union. Driven by data localization trends and consumer privacy concerns in the wake of the “Snowden Effect,” the ruling empowers each country in the European Union to set its own consumer privacy rules and regulations.
The court’s decision has complicated implications for U.S. organizations conducting business overseas. In light of Safe Harbor’s invalidation, can international businesses continue to operate as usual?
The Way We Were, and How the Future Is Shaping Up
Back in 2000, Safe Harbor was enacted to expedite the transfer of digital data between companies and international networks. Under the framework, U.S. companies conducting business in the European Union followed one uniform set of E.U. privacy standards, and could transfer data from E.U.-based consumers (like onsite activities and purchase histories) back to U.S. servers. For example, a Parisian could update his or her Facebook profile, and the data could be transferred to one of Facebook’s datacenters in the United States.
In recent years, consumer privacy issues have really hit the spotlight. In a post-Snowden world, there is fear the U.S. government is accessing consumers’ private data, leading to a push for global data localization. For example, Russia requires data about Russian users to be stored within the country's borders, and now with the Safe Harbor decision, localization regulations could apply to data about residents of the E.U. as well.
As the Court of Justice explains, the 28 countries in the European Union will have individual oversight regarding how companies collect and manage their respective citizens’ data. To add even more complexity, countries in the European Union have widely varying attitudes about privacy. With the invalidation of the Safe Harbor framework, these countries can now create their own privacy rules and regulations.
The Cloud: Holy Grail of Customer Data Management?
Last week’s ruling is a potential hit to enterprises conducting business overseas. Why? Global brands will now be required to manage their customers’ data in multiple geographies and navigate a patchwork of rules and interpretations of how consumer data should be stored, managed and used. This could mean building out, securing and managing expensive data centers in multiple countries. For smaller and non-tech companies, on-premises storage and management of consumer data in several regions will be either not feasible or extremely cost-prohibitive.
But it doesn’t have to be all doom and gloom. Now faced with the difficulty and cost of navigating and complying with several potential new privacy rules and regulations overseas, consumer-facing enterprises with international user bases could migrate their customer data from owned and operated on-premises data centers to cloud vendors that already have in place international infrastructures for customer identity data management. This migration could make it easier for these consumer-facing enterprises to comply with new and evolving regulations that may arise following the ruling. Cloud technology is already being adopted rapidly because of its scalability, faster time-to-market and lower costs, and the Safe Harbor ruling will only accelerate that adoption.
Consumer privacy is an incredibly important issue in our post-Snowden era, and we are likely still in the early stages of geographically dispersed regulation. The next iteration of Safe Harbor is already in the works, with E.U. and U.S. officials re-negotiating the details to make it more consumer privacy-friendly. Importantly, this increased emphasis on privacy doesn't have to be a win for consumers at the loss of businesses, but in order for that to be a reality, organizations will need to rethink how they've been approaching customer data management and consider the cloud.
Patrick Salyer is the CEO of Gigya, a customer identity management platform with more than 700 customers, including Fox, Forbes and Verizon.