
INTERNATIONAL AGENTS SECTION

also to businesses outside the EU that process personal data collected through offering services or goods to citizens in the EU, from monitoring their behavior or hosting their data.

The grace period for Safe Harbor compliance ends at midnight on January 31, and it remains to be seen how regulators will react. There are a number of potential outcomes at this point. Regulators could issue the massive fines; companies could continue with business as usual, with EU officials issuing an extension for compliance; or the EU and U.S. authorities could agree on Safe Harbor 2.0 or some other alternative for assuring the legality of cross-border data transfer.

Regardless of the actions taken, it’s clear that data systems relied upon by U.S. companies will come under regulatory scrutiny, and companies may face legal risk and substantial new fees if they do not re-evaluate their privacy programs. Thousands of corporations that rely on the Safe Harbor to legitimize transfers of personal data from Europe to the U.S. are left wondering how to make sense of these events and what the pathway forward is. And channel partners have an important role to play with their customers in helping them do just that.

“While there is still speculation as to the ramifications of the decision and what other routes are available, U.S. businesses need to take a lesson from their European counterparts and take a worst case scenario approach to data protection,” said Suni Munshani, CEO at Protegrity, a data security software and solutions provider. “For example, when it comes to security, Germany has the strictest requirements in the EU, and therefore companies in other countries should raise the bar to meet those standards. The same goes for U.S. companies. By raising company security standards to match those that set the bar the highest, it will create a stronger safeguard to data protection, which can lead to higher confidence in corporate data transfers overseas.”

According to PwC, U.S. companies with operations in Europe should consider several steps to a new privacy action plan, including:

• EU Data Transfer Plan: Assess personal data flows, model contracts and compliance readiness;
• EU GDPR Plan: Conduct a readiness assessment, budget for remediation, elevate risk mitigation plans to the board level; and
• Integrated EU compliance management: Enhance your EU privacy program, conduct stress tests, monitor changes in EU support models.

Safe Harbor: What is It?

Source: Ropes & Gray LLP

Originally established in 2000 by an agreement between the United States and the European Union, the Safe Harbor Framework was designed to facilitate the open flow of data from the EU to the U.S., after the establishment of the European “adequacy” standard for privacy protection. The EU prohibits the transfer of personal data gathered within the EU for commercial purposes to locations outside the EU, unless such locations demonstrate an “adequate” level of data protection commensurate with EU standards.

To this day, the EU does not recognize the U.S. as providing an adequate level of protection for personal data, and thus transfers of personal data from the EU to the U.S. generally are prohibited unless the organization takes approved steps to legalize those transfers. One such approved step was self-certification to the Safe Harbor Framework.

At its core, the Framework is a self-regulatory regime whereby U.S. organizations could self-certify their compliance with seven Safe Harbor Privacy Principles, including the principles of notice, choice, security and enforcement. After undertaking this self-certification, the U.S. organization could provide adequacy and lawfully transfer personal data from the EU to the U.S.

Many companies that send data from the EU to the U.S. (including EU companies that use servers located in the U.S.) chose to rely on the Safe Harbor for their everyday operations. In the 15 years since the Framework was established to facilitate the transfer of personal data between the U.S. and EU, the number of participating organizations steadily increased from under 1,000 in 2005 to around 3,200 in 2013 and roughly 5,500 today.

A Large Amount of Data Getting Larger

The International Data Corporation (IDC) estimates that 3.2 billion people, or 44 percent of the world’s population, will have access to the Internet in 2016. Of this number, more than 2 billion will be using mobile devices to do so. Growth in Internet access is taking place around the world, but some countries are seeing particularly rapid growth. China, India and Indonesia lead the way and will account for almost half of the gains in access globally during the course of the next five years. The combination of lower-cost devices and inexpensive wireless networks is making accessibility easier in countries with populations that could not previously afford them.

The total number of mobile Internet users is forecast to rise at a pace of 2 percent annually through 2020 unless significant new methods of accessing the Internet are introduced. Efforts by Google, SpaceX and Facebook, among others, to make the Internet available to the remaining 4 billion people via high altitude planes, balloons and satellites are underway. However, it remains unclear how successful these endeavors will be and when they will be operational at scale.

“Over the next five years global growth in the number of people accessing the Internet exclusively through mobile devices will grow by more than 25 percent per year, while the amount of time we spend on them continues to grow,” said Scott Strawn, program director for the Strategic Advisory Service at IDC.

26 Channel Vision | January - February 2016