Dive Brief:
- The decision invalidates the Safe Harbor guidelines established in 2000 that enabled companies to transfer data from Europe to the U.S and could have huge implications for U.S. intelligence agencies, according to the Washington Post. The decision could affect the transfer of healthcare data across borders.
- The ruling derived from revelations brought forth by Edward Snowden, a former National Security Agency contractor regarding the scope of NSA surveillance.
- Despite working with the European Commission for the past two years to strengthen the Safe Harbor framework, the court's decision may put many U.S. companies out of compliance with European law.
Dive Insight:
The ruling has two key points: Each data-protection authority may examine whether a transfer of data complies with European privacy rules and examine it with its national court if suspect. It can then be referred to the European Court of Justice for a ruling.
The second point is the Safe Harbor agreement is now invalid. It stated the agreement places "national security, public interest or law enforcement requirements" over privacy principals.
Penny Pritzker, Commerce Secretary said in a statement, "We are deeply disappointed in today's decision from the European Court of Justice, which creates significant uncertainty for both U.S. and [European Union] companies and consumers, and puts at risk the thriving transatlantic digital economy."
Many industry experts agreed the ruling will be disruptive to the digital economy and said rather than striking down the Safe Harbor framework it would have been better to negotiate a new agreement to account for concerns raised by the Snowden disclosures.
According to the New York Times, the decision does not affect only tech companies, but "any organization with international operations, such as when a company has employees in more than one region and needs to transfer payroll information or allow workers to manage their employee benefits online." Potentially that includes employee healthcare information, which should be guaranteed privacy.