If Standard Contractual Clauses (SCCs) suffer the same fate as Safe Harbour then transferring data to the US will in practice become almost impossible, further threatening to balkanize the Internet and to undermine international trade.
Eight months ago the Financial Times warned in an editorial that a ruling by the Court of Justice of the European Union (CJEU) to invalidate Safe Harbour, a commonly used legal mechanism for transferring data to the US, threatened to balkanize the Internet and undermine international trade.
That threat deepened sharply last week when Ireland’s top data protection authority, the Irish Data Protection Commission, announced it would refer another legal mechanism, Standard Contractual Clauses (SCCs) to the courts too.
After Safe Harbour was invalidated companies that need to transfer data as part of their day-to-day activities scrambled to find other legal methods to allow them to continue. One such method is the Standard Contractual Clause.
If SCCs suffer the same fate as Safe Harbour then transferring data to the US will in practice become almost impossible.
But it’s not just transatlantic data flows that are being called into question. Companies use SCCs to transfer data all over the world.
If Europe’s courts conclude that SCCs are no safer than Safe Harbour this could effectively cut Europe out of the emerging global data economy, and that would hurt companies from almost every corner of the economy – not just the tech sector.
Global data flows are vital to international trade. Forcing companies to store their data within Europe will have serious implications for Europe’s economic prospects.
As the European Data Protection Supervisor, Giovanni Buttarelli himself said last week, it is unreasonable to ask companies to reinvent their practises all the time.
I would urge Europe’s data protection authorities to stop shifting the legal goal posts for international data transfers and to wait until Safe Harbour’s intended replacement, the Privacy Shield, has been given a chance to work.
The Privacy Shield, with its Ombudsperson role, would address the key concerns about EU citizens’ potential exposure to unwarranted surveillance by US security agencies.
Privacy activists have dismissed the Privacy Shield before it’s even been given a chance to work. Jumping to a negative conclusion when so much is at stake seems rather reckless.
Right now we need more legal certainty, not less. Give Privacy Shield a chance. If necessary make fixes once it’s in place but don’t throw companies into a legal black hole by closing down all options for international data transfers.