Safe Harbor – Microsoft’s One Step Ahead
In a recent decision the European Court of Justice has ruled that Safe Harbor is effectively invalid. Microsoft has once again been showing they’re one step ahead when it comes to keeping up with developments in the law affecting the cloud.
Safe Harbor was a mechanism whereby European companies could maintain their data protection compliance obligations and transfer data from the EU to US companies who have Self-Certified as Safe Harbor Compliant. Safe Harbor has been in place for 15 years, and certification involves US companies complying with a set of data protection principles and practices. This is required due to the US not having its own data protection laws that the European Union recognizes as being sufficient to protect EU Citizens.
Microsoft’s enterprise cloud customers can continue to transfer data by relying on additional steps and legal safeguards Microsoft has put in place; this includes additional privacy protections and Microsoft’s compliance with the EU Model Clauses, which enable customers to move data between the EU and other places – including the United States – even in the absence of the Safe Harbor (as stated in the first blog article above).
It seems the requirements of the law are changing, if you’re not with a cloud provider that has you covered and you are transferring data to the US, you’re going to have to work out exactly what not having Safe Harbor means and implement changes if required. The above posts make it clear that Microsoft is right on top of this legal development and you’re in safe hands. Microsoft is always quick to react, and as situations like this develop, Microsoft’s Cloud will adapt enabling you to stay compliant while letting them worry about the finer details.
As always with legal issues, seek legal advice if you’re unsure, however the legal bill and the implementation bill will likely be far less if you’re with a cloud provider who’s already done the heavy lifting for you.