Do You Market to Countries in the EU? The Safe Harbor Agreement has Been Struck Down; This May Affect You


European Union flag on gavel isolated on white.

Editor’s Note: The rules and regulations in the United States about how companies manage and protect people’s private data are different from the rules and regulations in other countries. Between the US and the European Union, there has been a framework of rules to bridge this gap, colloquially called the “Safe Harbor” agreement. The week of October 5, 2015, Europe’s highest court struck down this agreement. A new agreement may take its place, but it is uncertain, at this point, what terms it might contain or how it will affect US companies that collect the personal data of European citizens in the course of marketing.

In anticipation of this and to serve our European customers, Act-On has recently opened a data center in Germany. In addition to our data center in Ireland, this provides options for companies that market to European countries. Our recent press release has the details, but the gist is this:

The opening of the Frankfurt data center gives Act-On users an additional option for where they would like their data to reside, allowing them to benefit from having infrastructure centrally located in Europe. Additionally, customers can now further improve the fault tolerance of their applications using two infrastructure regions located exclusively in Europe.

David Fowler, Act-On’s Head of Privacy and Digital Compliance, penned this opinion which was published on the Online Trust Alliance website October 8, 2015.

Help Your Small Business Weather the Safe Harbor Storm

Europe’s highest court recently struck down the “Safe Harbor” agreement between the United States and the European Union (EU), a decision that could have an enormous impact on American and European businesses who depend on transatlantic data transfers for their livelihood.  The decision by the European Court of Justice (ECJ) means that U.S. and EU businesses will need to find some other way to legally transfer Europeans’ data, which could be a major headache for the estimated 4,000 companies that have relied on the pact’s protections while transferring customer and internal data between EU countries and the U.S. Even though this decision doesn’t mean data will stop flowing between the U.S. and the EU, it may mean a flood of consumer complaints to EU regulators about how data is handled.

There has been strife brewing for years on the handling of data and surveillance. The ECJ ruling has the potential to not only impact the U.S. and EU economies but the world digital economy. While big companies have the resources to prepare and manage this storm, how will smaller businesses navigate the shaky ground that lies ahead?

Here are a few things your company should be thinking about to manage this change:

  • Evaluate the practicalities of “Safe Harbor” built into your business operations
  • Evaluate YOUR own situation and corporate objectives via data transfer and how you’re going to approach it
  • Review your CRITICAL transfers first, then evaluate data transfers within corporate entities, and finally to vendors
  • Have a plan to address binding corporate rules and model contracts
  • Determine if your company has any enforcement risk

As we all wait for the European Commission and the U.S. Department of Commerce to reach a new data sharing agreement, take stock in the fact that you’re doing what you can for your customers by evaluating your own interpretation of the ruling pertaining to your business and operational environment.

To learn more about the EU Safe Harbor decision and other important policy topics, join the Online Trust Alliance in Washington, D.C. on November 17th for the annual member meeting and a special Salon dinner with FTC Commissioner Julie Brill and Congresswoman Suzan DelBene.