13 Nov Is your data compliant? – Safe Harbor Agreement
You may have heard about the Safe Harbor Agreement in the news recently. This was an agreement between the European Union and the US Department of Commerce, made in November 2000, that allowed US companies to export and handle the personally identifiable information (PII) of EU citizens, as long as they complied with the regulations set out within the agreement.
On October 6, 2015 the European Court of Justice (ECJ) declared the Safe Harbor Agreement invalid, after news was leaked the the US National Security Agency (NSA) was spying on data held by American companies that belonged to EU citizens. After an Austrian student made a complaint that found it’s way to the ECJ, the agreement was declared invalid. This puts a lot of people in a tricky situation as it’s now not legal to export or handle the PII of EU citizens within the US.
What does this mean for you, I hear you ask.
What it means is that if you run a website that captures your customers data, this may be through registrations, e-commerce or a variety of other ways, you need to know where your servers are based. If they’re not based within the EU, you may be opening yourself up to be sued.
Some companies, such as Amazon, already have agreements with individual EU member states which assures that data is stored in accordance with that countries data protection laws. In this case the invalidation of the Safe Harbor Agreement won’t have an affect on them.
If you’re not sure where your servers are based, it’s probably a good idea to get in contact with your hosting company. Find out where your servers are located and if they’re in the US, make sure that they’re aware of this change and find out if they have any agreements in place with EU member states to protect the data.
The EU Commission have put out a notice saying that both sides of the Atlantic are working on getting Safe Harbor 2.0 up to scratch and they’ve set a timeline of the next 3 months to get it released. In the meantime it’s not currently known what will happen regarding this issue.
As always, our DWM servers are based within UK datacentres and are therefore unaffected by the issue at hand. If you’d like to discuss this issue some more or talk about moving your hosting to EU based servers, you can check out our hosting packages or get in contact with us.