The rather undignified demise of Safe Harbour has created a void between the EU and US, with inevitable, impending investigations soon set for transatlantic IT companies. This is a Rubik’s Cube that needs solving, according to Microsoft.
The problems that have been triggered by the fall of Safe Harbour (with Edward Snowden, and then Max Schrems, helping to reveal the deal for what it ultimately became – a one-way, metadata haulage system) are complicated and complementary.
In today’s digital age, our business, social makeup and general everyday life is predicated by limited, or plentiful, cross-border data transfers.
A complicated conundrum
Every time you try to buy a product online, there’s a good chance your credit card information is handled across borders. When you travel, your passport information is handled by airlines, across borders.
When these borders are within the EU, everyone over here is grand, we have laws to remove those barriers in many cases, smoothing the process.
But once that information travels outside of the EU, obstacles, key obstacles, emerge. Safe Harbour was, originally, supposed to alleviate that but, once Snowden revealed mass, indiscriminate surveillance by the NSA, with EU citizens offered absolutely no recourse, that quickly became untenable.
Now major IT companies, those that are charged with handling all of your data (and of that there is oh so much) are left in a bit of a bind. A system simply has to be developed, but what kind?
Microsoft makes its case
Brad Smith, chief legal officer to Microsoft, has penned a detailed piece on this topic, noting four key areas that make up a Rubik’s Cube of difficulties.
Privacy is a fundamental right, in an absolute sense. But we need an internet that works, and that means transferring information into varying jurisdictions.
Governments need to keep their citizens safe (so, protect their information), but we need a multilateral legal system to allow for a smooth operation.
“Like the Rubik’s Cube, the solution is obvious only after it’s complete,” said Smith.
Safe Harbour is gone, but something must replace it
First up, he suggests that citizens’ rights travel with their data. This is already in the works. He also calls for a new, speedy process to transfer data across borders while maintaining this original protections.
Smith also notes the irritation of companies, like Microsoft, that get governmental requests for information not to do with their service, but which passes through their centres.
“This would address one of the principal areas of current legal concern for businesses that are relying on cloud services,” he said.
“This month the old legal system collapsed, but the foundation long ago had crumbled. In recent years, it has been apparent that a new century requires a new privacy framework. It’s time to go build it.”
Main image via Shutterstock