Safe Harbor agreement drives awareness of data sovereignty issues

Posted by Mike Vizard on Apr 14, 2016 11:41:58 AM


It's truly an ill wind that doesn't blow some good anywhere. Such is the case with the contentious Safe Harbor agreement that the European Union and the United States are trying to hammer out.

This week a pan-European data regulator group, known as Article 29, recommended that the latest attempt to create a Safe Harbor agreement for transferring data into the U.S. from Europe should not be approved because it doesn’t go far enough to protect the privacy of Europeans. The previous agreement has been invalidate by the European Court of Justice after it determined earlier this year that the existing Safe Harbor agreement did not adequately protect the privacy of European citizens.

While not being able to transfer certain classes of data into data centers in the U.S. could disrupt a whole range of business activities, the legal challenges to the Safe Harbor agreement between the U.S. and European Union is serving to make more businesses aware that there are a whole range of data sovereignty issues.

Complying with data sovereignty 

In fact, Greg Richey, director of professional services at Ingram Micro, notes that IT services providers serving customers with global operations could build a whole practice around advising customers on the legal and technical challenges associated with complying with data sovereignty laws around the globe.

In the meantime, Microsoft is at the forefront of a case challenging the U.S. government’s ability to subpoena data residing outside the U.S. According to a U.S. district court ruling, Microsoft must turn over data relating to a criminal case even though that data is housed in a data center in Dublin. While that case is under appeal, Microsoft also moved to turn control of data in its data centers in Germany to a “data trustee.” That move prevents Microsoft from having to turn over data housed in those data centers even in the face of a court order without the permission of that data trustee. If the U.S. government wants access to data stored in Microsoft data centers in Germany it would have sue the data trustee in a German court.

Providing managed services to international businesses

Jacob Barreth, business development director for Volta Data Centres, says all these legal cases are serving to create a boom for storing data in data centers housed in various European countries as more businesses become aware of the data sovereignty issues. Many businesses are finding that keeping a copy of data in the countries they do business to be the path of least resistance, says Barreth.

That obviously creates some data management challenges when it comes to replicating that data. Given the current legal climate those data management issues are unavoidable. As such, many IT services companies should find themselves being asked to manage that process on behalf of any organization that transacts business outside of the United States.

Of course, not every business conducting transactions outside of the U.S. is fully aware of all the nuance of data sovereignty laws. For that reason alone IT services firms might want to invoke the services of experts in international law to help them create more awareness of the need for their data management services around the globe.

Photo Credit: i naina _94 on Flickr.Used under CC 2.0 license. 

Intronis blog

Topics: Data Loss

Which Data Loss Gremlin Is Targeting You
The MSP's Complete Guide to Cyber Security
Fixed Price Data Protection
Intronis Local Lunches
MSP Marketing Assessment