Mike Weston is the CEO of data science consultancy Profusion. In this article, he discusses what a new Safe Harbour agreement will mean for the UK tech scene.
I would hazard a guess that not a lot of people beyond a small corner of the UK’s tech industry were aware of what Safe Harbour was prior to October 2015.
It was a deal struck in 2000 between the EU and US that governed the ‘safe’ transfer of data out of the EU to the US. The agreement was meant to ensure that European citizens were afforded the same protection for their data even when it hit the shores of the US.
Unfortunately, Edward Snowden’s revelations made it demonstrably clear that that was not the case. Consequently, the European Court of Justice tore up the agreement in October and the global tech community had a mild heart attack.
A new agreement
Fast forward to today and the deadline for a new agreement, imaginatively dubbed Safe Harbour 2.0, is fast approaching.
The EU and the US are due to strike an agreement over the weekend which, if all goes to plan, will be finalised on February 2nd.
Signs of some form of deal being reached are good. There’s no way it’ll bear much resemblance to the original Safe Harbour, though.
Both parties have moved too far in different directions concerning data privacy to repeat an agreement of such scope with so little oversight. If you believe the mood music coming from the US camp then chances are they will agree to a watchdog or ombudsman to oversee matters. The EU undoubtedly wants to go further, talking openly about ‘pro-active’ intervention and possible annual reviews.
The finer details of the deal, although clearly very important to tech companies, will only temporarily paper over the cracks that have emerged in the free global transfer of data.
On one side, the US is continuing to move away from any concept of online data privacy in favour of ‘security’. Whereas the EU, with the exception of the UK, is increasingly making moves to curtail what it sees as the erosion of data protection by large tech companies and governments.
So any new Safe Harbour agreement will be a fudge. And, most likely, a very temporary fudge.
The net result will be more uncertainty for tech companies. It’s easy to say that this situation will not massively impact the UK’s tech scene, but the reality is, that any start up with global ambitions that deals with a lot of data (i.e. most start ups) will have to navigate a very uncertain political and legislative future.
The EU’s new data protection regulation is the next milestone. It seeks to increase an individual’s right to privacy, while also homogenising rules across the EU.
Unfortunately, the current framework is so riddled with exceptions, ambiguities and differing means of implementation that it’s unlikely to be a success. Nevertheless, it’s in stark contrast to the US’s recent Cybersecurity Information Sharing Act. Some of the Act’s provisions further undermine data protection by compelling US businesses to share personal data with a number of different security agencies. It pretty much negates what little protection has hitherto been afforded to an individual’s data.
A spanner in the works
Meanwhile, the UK is throwing another spanner in the works with the Investigatory Powers Bill. Like the initiative in the US, it shreds a lot of privacy rights and protections and puts more pressure on businesses to collect and share information with authorities.
Hanging over all of this is the Microsoft case. If it’s decided that US authorities can access information held in a data centre in the Republic of Ireland, it’ll destroy any Safe Harbour 2.0 agreement and turn the data divide between the US and EU into a full blown rift.
Unfortunately, whatever the decision in the Microsoft case, it is likely to be appealed and probably won’t reach a conclusion for a year or more. Uncertainty will continue to dominate the global tech scene.
The next few weeks will see a lot of chatter about the implications of Safe Harbour 2.0, however, it’s worth keeping in mind that it will only ever be a sticking plaster on wider problems.
The EU and the US are drifting apart in relation to data privacy, putting at jeopardy the concept of global free flow of data. It will take a fundamental change in position on one side of the Atlantic to ultimately rectify the situation and provide some certainty for tech companies.