The White House has expressed disappointment that a “critical” agreement had been struck down.
Dave Lee, North America technology reporter
The Safe Harbour ruling made on Tuesday has potentially big implications for some giants of Silicon Valley when it comes to how they look after our private data.
Safe Harbour was designed as a “streamlined and cost-effective” way for US firms to get data from Europe without breaking its rules.
Companies in the US were able to self-certify that they had put the appropriate data privacy measures in place.
In the wake of the Snowden allegations, the top European court has ruled that Safe Harbour is invalid.
The White House has expressed disappointment that a “critical” agreement had been struck down because of “incorrect assumptions about data privacy protections in the United States”.
But the question is – what’s changed?
I’ve spent the day canvassing the views of firms in Silicon Valley. Most didn’t want to talk on the record and were taking a wait-and-see approach as to what happens next.
Of those that did have something to say, here’s a selection.
Microsoft provides cloud services – online storage – for many businesses around the world. In a blog post, the company said: “For Microsoft’s enterprise cloud customers, we believe the clear answer is that yes they can continue to transfer data by relying on additional steps and legal safeguards we have put in place.”
But it called for renegotiation of Safe Harbour to be swift.
“Many European nations are currently considering amendments to their surveillance laws. Rather than just expand governments’ surveillance authority as some are seeking to do, the focus should be on striking the right balance between security and privacy without sacrificing one for the other.”
The Internet Association represents some of the biggest players in Silicon Valley and beyond, including Twitter, Google, Facebook, Netflix and Uber.
The association’s president Michael Beckerman said in a statement that while bigger firms have back-up agreements in place to transfer data, it’s small US firms that could struggle.
“In light of this far reaching European Court of Justice ruling, the Internet Association calls on the US and EU to join forces to implement a revised Safe Harbour framework and to issue interim guidance to stakeholders pending this implementation.”
Talks between the US and EU about an updated agreement – dubbed Safe Harbour 2.0 – have been ongoing for around two years, but could be sped up by these recent developments.
Salesforce, which offers customer relationship management software (everything from sales to marketing to customer analytics), said it was making changes to its service in the wake of the ruling.
“Salesforce is immediately making available a data processing addendum that incorporates the European Commission’s standard contractual clauses, commonly referred to as ‘model clauses’.”
The travel start-up, which allows people to rent out their rooms and properties, told the BBC it wasn’t particularly fussed: “Like other European companies, Airbnb relies on other safe and legal mechanisms for essential data transfers.
“This ruling does not have a significant impact on us.”
Facebook too said it was unaffected practically by the ruling, but urged sensible reforms.
“Facebook, like many thousands of European companies, relies on a number of the methods prescribed by EU law to legally transfer data to the US from Europe, aside from Safe Harbour,” said the social network in a statement.
“It is imperative that EU and US governments ensure that they continue to provide reliable methods for lawful data transfers and resolve any issues relating to national security.”
Online storage provider Box told the BBC it wasn’t affected as it had other measures in place.
“Box does not anticipate any impact based on today’s ruling by the European Court of Justice (EJC) regarding the EU-US Safe Harbor Framework,” it told the BBC.
“In anticipation of the ruling, we’ve undertaken efforts to adhere to the alternative methods for meeting the ‘adequate protection’ requirements.”
Github, a site where programmers share source code, is having to take action to make sure it is compliant in the wake of the ruling.
“GitHub is committed to ensuring that our community of 11 million developers all over the world can collaborate together on software, with confidence that their privacy is protected,” the site told the BBC in an email.
“We will take the necessary steps to ensure that our European users can continue to build great things on GitHub.”
Autodesk is a company with huge reach – it develops systems for 3D design, education, engineering and entertainment. Much of it is handled in the cloud.
“Autodesk is currently evaluating the impact to our business of the European Court of Justice’s decision on the EU-US Safe Harbour Framework and awaits additional guidance,” the firm told the BBC.
“We continue to comply with the previous Safe Harbour principles, and are committed to supporting our customers through any changes required as a result of this decision as well as protecting the privacy of our customers and employees.”