EU Strikes Back Over Snowden Leaks, But Blow Hits US Startups
This post appears courtesy of the Ferenstein Wire, a syndicated news service. Publishing partners may edit posts. For inquiries, please email author and publisher Gregory Ferenstein.
The technology industry is scrambling to understand how it will continue business in Europe, after the continent's high court struck down a privacy agreement on Tuesday that protected US-based companies operating abroad.
Under the umbrella of Safe Harbor, American tech companies were free to send personal data over the Atlantic, so long as they conformed to certain privacy measures.
The Court of Justice of the European Union (CJEU) struck down the agreement, which had been in place since 2000, in part due to fears of US mass surveillance. "This is the reaction from the Europeans over the Edward Snowden leaks," Berin Szoka, president of policy group TechFreedom told me.
Since mass spying was revealed, much of the world has leveled heavy criticism and threats against the US. Until yesterday, the legal threats were often theoretical. Now, the ones threatened most could be the country's emerging tech businesses.
Europe Fights NSA Surveillance—And Hits US Businesses
The recent court ruling, according to Szoka, is the big policy backlash. Tech companies are scrambling for an answer, because the impacts aren't known quite yet.
What is know is that the decision made Safe Harbor immediately invalid. Now, the EU’s many regional data protection authority organizations are free to bring suit, should they find a tech company's privacy protection policies inadequate.
The matter could affect European businesses as well. "A company in Europe may run afoul of these rules if it uses a US service provider that it sends data to, such as for email marketing or … if it sends data to a US subsidiary," said Daniel Castro of the Information Technology & Innovation Foundation.
Many legal experts aren’t completely sure how far ruling’s influence might go either. It could be that a company will develop different policies for American and European users, like Twitter has done. But, that may not be enough. The entire Internet industry is built on communication between users.
For example, say a European Google users opens up a Gmail account in Germany, but travels to the US. His email and personal communications could be visible to NSA spying. That would violate the European authority's sense of fairness.
What Can Tech Companies Do?
At the moment, options may be limited. For big tech companies, it's less of an immediate issue, because they can afford to house data centers within Europe, (potentially) outside of the NSA's surveillance capabilities. The scenario’s much trickier for smaller companies.
At the very least, if they have operations in Europe, they most likely will have to reevaluate their service providers and vendors, seeking partners who have abided by the EU’s rules, as well as revamping their own policies. If they haven’t hit the continent yet, but plan to—well, they may want to hold off.
"If [startups] haven't launched in Europe yet, I might tell them to wait", said Szoka. The ITIF agrees: "To completely reduce risk of facing an enforcement action, they would have to stop all of these activities. Or they could limit their activities so that data does not leave Europe." It's hard to overstate how damaging that could be to an intercontinental business.
Noted civil liberties group Electronic Frontier Foundation (EFF) is taking advantage of the craziness to campaign for NSA reform. “US companies should be campaigning to get the NSA surveillance laws fixed," EFF's Danny O’Brien said.
Few things drive policy like business, and in business, there are few things worse than legal uncertainty. We’ll see if it’s enough to pressure the kind of reform that has yet seemed impossible.
For more stories like this, subscribe to the Ferenstein Wire newsletter here.
Lead photo by woodleywonderworks
Comments