Advanced Computing in the Age of AI | Tuesday, August 16, 2022

Cloud Vendors Address EU Safe Harbor Ruling 

Cloud vendors are responding to last month's data privacy ruling by a European court with security upgrades to cloud storage and orchestration services aimed at helping customers meet stricter EU data protection requirements.

Among the first out of the gate in response to the Oct. 6 ruling by the European Court of Justice invalidating a "Safe Harbor" framework is Syncplicity, the enterprise file-sharing vendor. The company announced a series of upgrades this week that address evolving European data protection guidelines.

Syncplicity, the former EMC Corp. unit based in Santa Clara, Calif., said Tuesday (Nov. 10) it is adding a European-based cloud storage option along with an EU-based cloud orchestration layer designed to give U.S. companies with European operations more options to comply with new data security regulations. Syncplicity has traditionally focused on allowing customers to store data locally and then move specific files to the cloud.

The EU Safe Harbor ruling means many organizations operating in Europe but using U.S.-based cloud storage services may no longer be in compliance with new EU privacy regulations. The upshot is that U.S. technology companies must quickly figure out how to respond to the Safe Harbor decision or risk damaging relationships with their European and multinational customers.

Along with storage and file orchestration upgrades designed to address privacy changes, the company said it would provide "model clauses" in its cloud services agreements designed to provide a legal framework for upholding EU data privacy requirements.

Those requirements are still evolving as U.S. and EU representatives begin to hammer out a new privacy framework that protects data privacy across national borders. Hence, solutions like Syncplicity's represent a stopgap until a new data privacy framework is in place.

The company acknowledged as much: "These added options will ensure our customers meet data protection requirements while regulators in the U.S. and Europe work to sort out a new Safe Harbor framework," Brian Levine, Syncplicity's senior director of security and compliance, noted in a statement.

The company added that its European cloud storage option would allow customers to select European-based cloud services as the sole repository for their files. The upgrade allows customers to establish private clouds in the region of their choice while storing files either on-premises or in Syncplicity's public clouds.

The new European-based cloud orchestration layer could be used to "sever the connection between European storage clouds and the U.S.-based control plane," the company said. That approach would help customers comply with EU data security regulations by allowing them to store and process metadata like file and user names as well as email addresses in Europe.

Maintaining the privacy of personal data was at the heart of the "Safe Harbor" dispute before the European court. Several thousand U.S. companies operating in Europe invoked the Safe Harbor provision in the daily operations until the framework was invalidated.

While large operators like Facebook are thought to have backup plans, Syncplicity and others are responding to smaller operators who are scrambling to determine whether they will need local datacenters in each European country in order to comply with stricter EU data privacy regulations.

Syncplicity said its modified cloud service agreements would include model clauses that "provide a legal framework to meet the data protection requirements of the European Union while also incorporating contracts for the transfer of personal data to third countries."

About the author: George Leopold

George Leopold has written about science and technology for more than 30 years, focusing on electronics and aerospace technology. He previously served as executive editor of Electronic Engineering Times. Leopold is the author of "Calculated Risk: The Supersonic Life and Times of Gus Grissom" (Purdue University Press, 2016).

Add a Comment