Off for Safe Harbour - consequences for the industry?
The European Court of Justice (ECJ) on October 6, 2015 has declared the Safe Harbour Agreement void, negotiated in 2000 with the US. Thus we have "now the chance of a new legislation," said European Parliament President Martin Schultz in the eveneing in the news channel N24.
The Safe Harbour method had created a way to circumvent the European Data Protection Directive 95/46/EC, which prohibits in principle to transfer personal data from Member States of the European Union in countries whose data protection does not have an EU law comparable level. At least since the revelations of Edward Snowden is clear that the United States not only do not provide such protection, but that there, the data certainly can be collected by the NSA. US companies could previously simply register with the US Department of Commerce with the noble commitment to follow the Safe Harbor principles. According to the Süddeutsche Zeitung currently are about 4,400 companies on this list, including in accordance with Wikipedia IBM, Microsoft, General Motors, Amazon.com, Google, Hewlett-Packard, Dropbox and Facebook.
Yesterday the ECJ has declared this Safe Harbour method invalid. The court requires as a prerequisite for data transfer that in the US an EU level "equivalent" privacy is guaranteed. Now, the European data protection authorities are required. They can no longer hide behind the legend of the "safe harbor". Theoretically it is even possible that the flow of data between Europe and the USA will be stopped. Practically this is unlikely.
The judgment applies in the first instance, the major Internet companies that are likely to be forced now to store data of European users in Europe. But of course it has an impact also on the industry. The Internet of Things and its industrial part, in Germany called Industrie 4.0, are finally living from the exchange of data on the Internet. Since the major trading partner is the USA, therefore also many German companies are likely to exchange data with partners, subsidiaries and customers there, to which the rules of the European data protection must also be applied in the future. A positive development, about which the FAZ (Frankfurter Allgemeine Zeitung) writes: "The EU must not sacrifice privacy to economic growth. But if it stifles the growth engine Internet, that's also no one's help."
For the manufacturing industry, the judgment on the one hand provides clear borders. A company for example, which evaluates data of machines and plants of its customers in the cloud and uses them for services in the field of predictive maintenance, cannot do this on any desired cloud platform now. But on the other hand the judgment also supports the European industry in its efforts to take measures for cyber security against the fear of customers of the use of appropriate services. Those from the United States who until yesterday could mock the "exaggerated fears" of European Internet users, now rather face major challenges to take data protection seriously. OK then.