Advanced Computing in the Age of AI | Wednesday, May 18, 2022

New Safe Harbor Worries Over Data Privacy Could Push Business to Cloud 


October 6 was quite an interesting day for consumer privacy. After 15 years in place, the Safe Harbor agreement was declared invalid by Europe’s highest court, the Court of Justice of the European Union. Driven by data localization trends and consumer privacy concerns in the wake of the “Snowden Effect,” the ruling empowers each country in the European Union to set its own consumer privacy rules and regulations.

The court’s decision has complicated implications for U.S. organizations conducting business overseas. In light of Safe Harbor’s invalidation, can international businesses continue to operate as usual?

The Way We Were, and How the Future Is Shaping Up

Back in 2000, Safe Harbor was enacted to expedite the transfer of digital data between companies and international networks. Under the framework, U.S. companies conducting business in the European Union followed one uniform set of E.U. privacy standards, and could transfer data from E.U.-based consumers (like onsite activities and purchase histories) back to U.S. servers. For example, a Parisian could update his or her Facebook profile, and the data could be transferred to one of Facebook’s datacenters in the United States.

In recent years, consumer privacy issues have really hit the spotlight. In a post-Snowden world, there is fear the U.S. government is accessing consumers’ private data, leading to a push for global data localization. For example, Russia requires data about Russian users to be stored within the country's borders, and now with the Safe Harbor decision, localization regulations could apply to data about residents of the E.U. as well.

As the Court of Justice explains, the 28 countries in the European Union will have individual oversight regarding how companies collect and manage their respective citizens’ data. To add even more complexity, countries in the European Union have widely varying attitudes about privacy. With the invalidation of the Safe Harbor framework, these countries can now create their own privacy rules and regulations.

The Cloud: Holy Grail of Customer Data Management?

Last week’s ruling is a potential hit to enterprises conducting business overseas. Why? Global brands will now be required to manage their customers’ data in multiple geographies and navigate a patchwork of rules and interpretations of how consumer data should be stored, managed and used. This could mean building out, securing and managing expensive data centers in multiple countries. For smaller and non-tech companies, on-premises storage and management of consumer data in several regions will be either not feasible or extremely cost-prohibitive.

But it doesn’t have to be all doom and gloom. Now faced with the difficulty and cost of navigating and complying with several potential new privacy rules and regulations overseas, consumer-facing enterprises with international user bases could migrate their customer data from owned and operated on-premises data centers to cloud vendors that already have in place international infrastructures for customer identity data management. This migration could make it easier for these consumer-facing enterprises to comply with new and evolving regulations that may arise following the ruling. Cloud technology is already being adopted rapidly because of its scalability, faster time-to-market and lower costs, and the Safe Harbor ruling will only accelerate that adoption.

Consumer privacy is an incredibly important issue in our post-Snowden era, and we are likely still in the early stages of geographically dispersed regulation. The next iteration of Safe Harbor is already in the works, with E.U. and U.S. officials renegotiating the details to make it more consumer privacy-friendly. Importantly, this increased emphasis on privacy doesn't have to be a win for consumers at the expense of businesses, but for that to become a reality, organizations will need to rethink how they've been approaching customer data management and consider the cloud.

About the Author:

Patrick Salyer is the CEO of Gigya, a customer identity management platform with more than 700 customers, including Fox, Forbes and Verizon.

About the author: Alison Diana

Managing editor of Enterprise Technology. I've been covering tech and business for many years, for publications such as InformationWeek, Baseline Magazine, and Florida Today. A native Brit and longtime Yankees fan, I live with my husband, daughter, and two cats on the Space Coast in Florida.

One Response to New Safe Harbor Worries Over Data Privacy Could Push Business to Cloud

  1. Ulf Mattsson says:

    I agree that “In recent years, consumer privacy issues have really hit the spotlight,” and I think that we need to secure sensitive data before sending it to cloud.

    The Ponemon study “The State of Data Security Intelligence,” reported that “Data that is outsourced to cloud is the biggest worry.” Another Ponemon study reported “Some 52 percent of organizations that use offshore providers, or whose data might be hosted at an offshore location, do nothing to ensure the vendor is in compliance with relevant security and privacy requirements,” and “Less than four in 10 leverage security tools to protect enterprise applications and data in the cloud.”

    Gartner released the report “Simplify Operations and Compliance in the Cloud by Protecting Sensitive Data” in June 2015 that highlighted key challenges as “cloud increases the risks of noncompliance through unapproved access and data breach.” The report recommended CIOs and CISOs to address data residency and compliance issues by “applying encryption or tokenization,” and to also “understand when data appears in clear text, where keys are made available and stored, and who has access to the keys.”

    Another Gartner report concluded that “Cloud Data Protection Gateways” provide a “High Benefit Rating” and “offer a way to secure sensitive enterprise data and files stores of data and use cases.”

    Ulf Mattsson, CTO Protegrity
