EU ruling alters stance on trans-Atlantic data transfers


Although the cloud is often described in terms that make it sound transient and ethereal, the reality is that it still relies on physical hardware to host the apps and data that third parties can then access remotely. This means that information may not only be stored overseas, but must also travel across national boundaries and over unsecured networks, to reach end users.

This has prompted the European Court of Justice (ECJ) to make a ruling this week which puts an end to the Safe Harbour agreement, which previously existed between Europe and the US, relating specifically to how information is transferred and stored in the cloud.

In particular, this will impact the ways in which American organisations with US-based cloud infrastructures at their disposal are able to offer services to European customers, with experts warning that companies, including Facebook, could face problems as a result.

The rules for how data can be moved, processed and stored were initially formulated 15 years ago and the ECJ’s ruling is intended to reflect the fact that times have changed and a new approach is needed, now that cloud computing is ubiquitous.

The end for the Safe Harbour regulations has also been prompted by the NSA data snooping scandal, which showed that US agencies had been able to access private information on EU citizens because it was stored on servers based in North America.

ECJ representatives pointed out that this kind of monitoring activity was all the more problematic because not only were EU citizens unable to do anything about it, but it also contravenes national laws on data protection which are present across the continent.

The cloud has certainly had teething troubles as a result of its global reach and this incident is not likely to be the last of them.