On October 5, 2015 the European Court of Justice invalidated the Privacy Safe Harbor Framework that has been in place for the past 15 years governing the transfer of personal data out of the European Union.
Simply put, an effective tool for business has been lost due to the European reaction to the data gathering activities of the Federal Government, as those activities have been understood in Europe in light of the Snowden revelations.
Much has been written about efforts that are underway by the EU and the US Government to create a new privacy safe harbor framework, and there are bills under consideration in Congress that would address some of the issues of concern to the European Court of Justice.
From a practical perspective, I would expect that US tech giants will find a way to comply with the newly applicable national regulations – or implement solutions that avoid regulatory scrutiny and allow their products and services to continue to be used by their millions of EU customers. There is simply too much demand for Google and Facebook at this point to expect anything else.
I worry about the new hurdles that US, European and other start-ups may face in the data-driven innovation economy. Small start-ups can’t afford to “lawyer up” in advance of having mass acceptance of their products, and the absence of uniform data rules may make it nearly impossible for US start-ups to confidently make their products and services available globally, even as many tech start-ups quickly discover a major off-shore user base.
In a sense they must now fly blind and hope for the best. It seems that small entrepreneurial businesses and start-ups could be hurt by the European response to US government activities that are completely unrelated to the sorts of “consumer data” that drives the web economy. Hopefully, US policy makers can continue to foster innovation and assure clear access to the European Market for cutting edge data driven products and services – perhaps through an updated privacy safe harbor framework, to again provide US companies with the confidence of being in in compliance with the European approach to privacy.