The European Union Data Protection Directive protects how personal information of EU citizens is collected, used, and retained. It prohibits the transfer of personal information to countries outside the EU that do not have similar standards and policies in place.
A ‘Safe Harbor’ agreement was negotiated between the US Department of Commerce and the EU to make it easier for US companies to comply with the Directive.
In October of this year, in an action brought before the European Court of JusticeMaxmillian Schrems v Data Protection Commissioner , (as well as general angst in the EU of NSA ‘wire-tapping’) that Safe Harbor was ‘struck-down’.
This was a bombshell for information technology firms that promote ‘data without borders’; i.e., the ability to store, and seamlessly access corporate data that includes personal information across the enterprise, wherever it may be.
Amazon Web Services and Microsoft Azure lost no time in announcing plans for new data centers in the EU to address this. Fortune Magazine reports that Microsoft went so far as to vest custodianship of its encryption keys with its partner Deutsche Telekom. It has opened opportunities for smaller, more nimble service providers that can ‘stand-up’ infrastructure ‘in country’; IntraLinks andSyncplicity are two such companies that deliver technology that address compliance issues related to sovereign personal information.
The strike-down of the EU Data Protection Safe Harbor reflects the growing distrust of US-based data custodians. It is not unreasonable to speculate on economic consequences of mis-informed actions of legislators in the name of national security, as you can read here Ferocious Opposition Not Enough To Stop CISA
In a letter appeal to President Obama on July 27, 2015, forty organizations and thirty individuals articulate how CISA will actually make us less safe; Read Her