Beyond Safe Harbor - Privacy in the Cloud

October 20th, 2015 by inflectra

For those not consumed by national politics (how long can the US election last!), a significant ruling was made this month by the European Court of Justice, with regards to data privacy in the cloud and in particular the EU-Swiss-US Safe Harbor Agreement.

What is the Safe Habor Framework?

The Safe Harbor Framework was put in place to provide a mechanism for European businesses to transfer 'private' data on European citizens to companies based in the US. For example it allows a UK healthcare company to have patient data processed by a US data processing firm. It also allows EU businesses to host their data in hosted cloud services that are based in the US. The Safe Harbor Framework allows US businesses to self-certify that their private policies meet the EU requirements so long as they provide an independent recourse mechanism.

What does this ruling mean?

The ruling was brought about by a test case from an Austrian citizen due to his unhappiness with having his private data being governed by US laws (which are much less restrictive in terms of private data). Although we are not lawyers (luckily!) our belief is that this ruling means that going forward, the location of where data is stored is going to become much more important. In the short term this means that EU businesses will have to sign more robust agreements with US companies or have their data hosted within the EU. Longer-term this could change the entire business model of companies that need to be able to seamlessly move data across national boundaries.

What are Inflectra's Plans?

We have always had a belief that our customers deserve choice, and that's why we have always maintained both on-premise and cloud-hosted versions of our products. In addition, we maintain the highest standards of data privacy for all our hosted customers with all of our instances of our products being completely self-contained with each customer having a completely separate data environment.

However with the likely demise of the Safe Harbor framework, we are planning on standing up additional data centers (currently our data centers are located in various cities in the US) in Europe and other countries.

So, in the months ahead be on the lookout for emails from us asking you to specify if you'd like to change the location of your hosted environment. The choice is yours.

privacy safe harbor cloud data security