|
 An EU court on Tuesday struck down a deal to let U.S. and European
companies easily transfer personal data between continents, leaving
some U.S. companies concerned that they will be frozen out of the
market or replaced by EU competitors.
"The biggest fear is they'll lose the opportunity to provide data
services in Europe," said Emery Simon, counselor to BSA | The
Software Alliance, an industry group for software companies such as
Oracle, Salesforce and IBM.
Tech giants like IBM are more prepared for the change, because they
have come to use a number of different legal arrangements they say
will keep their data flowing.
The so-called Safe Harbor system allowed U.S. companies to
self-certify they met stricter European privacy standards, but the
European Court of Justice (ECJ) said the provisions used by more
than 4,000 firms did not give Europeans sufficient protection
against U.S. government access. Companies from all sectors, from
pharmaceutical giant Pfizer to tech firms like Microsoft, move user
and employee data back and forth across the Atlantic. Tech
companies, for instance, store data on many global users in the
United States, where they can parse user information for lucrative
ad targeting.
A U.S. company with overseas operations might transfer data about
employees to centralize its human resources functions at its
headquarters.
The EU and the United States will step up efforts to craft a new
system, but some U.S. software and data storage firms fear the data
flow will stop and that companies will instead rely on European
competitors for their services.
Midsize companies including document management company Adobe
Systems Inc <ADBE.O>, design software maker Autodesk Inc <ADSK.O>
and coupon company RetailMeNot relied on Safe Harbor.
"Any U.S. company with employees or customers in Europe is
potentially impacted by this ruling," RetailMeNot spokesman Brian
Hoyt told Reuters by email. "We also believe it may also create
challenges for data sharing necessary to rapidly provide data
analysis for business operations."
Adobe said it was "evaluating options" to transfer personal data
between continents and Autodesk also said it was evaluating the
decision.
Symantec said it has other mechanisms in place to legally protect
data transfers, but the uncertainty following the ruling has made it
difficult for such companies to determine their next steps and how
much business might be lost.
Even setting up data servers in Europe would not solve their
problems, said Ilias Chantzos, Symantec senior director for
government affairs in Europe, Africa and the Middle East and privacy
advisor.
"You can't isolate the flow of data only within one territory or
jurisdiction," Chantzos said.
And data storage without processing would not be enough, added
Thomas Boue, Director of EMEA Government Affairs at BSA.
"For companies a lot of the added value is on all the tools they use
to process the data, what you do with that data," he said.
[to top of second column] |
Companies could create new agreements with their customers in the
European Union, but the lack of clarity and high costs could leave
smaller firms with a "disproportionate share" of the burden of new
legal requirements, the U.S. Chamber of Commerce said.
OPPORTUNITY
The change could be an opportunity for European competitors such as
Orange and Deutsche Telekom to take business from U.S. companies.
One major European telecoms operator expects many customers, both
private individuals and businesses, to reassess their data plans and
to look at storing their data within Europe, a source close to the
company said.
"It is much more likely that companies will need to store their data
in the EU and not with U.S.-based providers, challenging the
hegemony of U.S. data storage companies," said Ian De Freitas, a
partner at the law firm Berwin LeightonPaisner.
The larger U.S. companies may face a problem of perception that they
have abetted U.S. government surveillance. They say, however, that
they have broken no laws. IBM, Facebook, Google Inc and Amazon
Inc,all have additional legal arrangements such as "model clauses"
which set privacy standards between the sender and receiver of the
data and allow them to continue data transfers.
Some also have agreements with European users who consent to having
their data transferred to the United States. Facebook, for example,
has a registration process that allows it to obtain consent from
users when they sign up for the service.
A prime concern of U.S. companies is that without a centralized
system like Safe Harbor, EU privacy regulators could adopt diverging
approaches to international data transfers.
The European Commission said it would provide guidance to the
regulators to ensure they adopted a common approach.
(Additional reporting by Harro Ten Wolde in Frankfurt and George
Tharakan in Bengaluru; editing by Peter Henderson and Christian
Plumb)
[© 2015 Thomson Reuters. All rights
reserved.] Copyright 2015 Reuters. All rights reserved. This material may not be published,
broadcast, rewritten or redistributed. |
