Safe harbour and data protection
“In the ’20s and ’30s it was the role of government. ’50s and ’60s it was civil rights. The next two decades are going to be privacy. I’m talking about the Internet. I’m talking about cell phones,” says Sam Seaborn in the 1990s series The West Wing, and rarely has a TV show so accurately predicted the future.
For everyone who uses the internet – and since you’re reading this, we presume you do – and particularly for anyone who uses social media, how our data is stored and who it is shared with is increasingly important to think about.
One thing that makes the whole thing more complicated is that our laws are not as international as the internet is: European Union laws surrounding privacy online are far better and more secure than those in the United States, where privacy laws are far more lax. Since websites, however, don’t exist just in the EU or just in the US, we have the international Safe Harbour Privacy Principles, which enable some US companies to comply with the EU’s privacy laws. US companies storing customer data may self-certify that they adhere to 7 principles in order to comply with the EU Data Protection Directive.
Sounds like a pretty easy solution, right?
But last month, the European Court of Justice ruled that the “safe harbour” agreement that allowed the transfer of European citizens’ data to the US is no longer valid because it does not adequately protect people (a post-Snowden era revelation).
So what does this mean going forward? American companies – including Google, Facebook, Apple and Microsoft – can no longer rely on self-certification and must seek to strike “model contract clauses” in each case. These agreements authorise the transfer of data outside of Europe. For Facebook specifically, which was at the heart of this whole issue, the Irish data protection authority must decide whether the transfer of the data of Facebook’s European subscribers to the US should be suspended on the grounds that that country does not afford an adequate level of protection of personal data.
The message to take away from all of this is that we still don’t really know how best to protect data and privacy in the internet age, and there is still a lot of uncertainty and risk with everything we do on the internet.
That, of course, doesn’t mean that people will, or should, stop posting information online, or that this data should stop being stored. But it is important that we look at and talk about what we can do to keep this information as safe as possible.
At Artonezero, our servers are based at Telehouse North, the first purpose-built colocation data centre in Europe. Telehouse North has been the primary home of the London Internet Exchange since 1994 and continues to be one of the most heavily connected data centres in the world. Because of this, all the information stored with us has to comply with EU privacy regulations, with no exceptions.
If you want to have a chat about our hosting services, or anything else we might be able to help you with, give us a call on 020 3011 0390 or drop us an email to firstname.lastname@example.org.