Dimension Data > Security > Safe Harbor, or any old port in a storm?

Safe Harbor, or any old port in a storm?



Rory Duncan, Head of Security Business Unit at Dimension Data UK&I

Rory Duncan, Head of Security Business Unit at Dimension Data UK&I

The recent ruling from the European Court of Justice (ECJ) on the invalidity of the Safe Harbor agreement will cause many multinationals to pause and think. More and more businesses are taking into serious consideration where their sensitive client data resides and is processed, especially when those locations are within the grasp of the US government, under the Patriot Act.

Data sovereignty and client data kept in ‘safe’ locations are common concerns we address with our customers at Dimension Data, especially given various countries’ data regulations. It’s one of the strengths of our Managed Cloud Platforms – a client knows where their workloads and data are so they can control which jurisdictions have a legitimate claim to their data.

Now that Safe Harbor is suspended, what happens when an individual accepts a cookie policy from a website? Does that fall under the ‘Safe Harbor’ umbrella? It’s going to pose a unique challenge for analytics and advertising platforms. For instance, if a person visits a travel booking website and suddenly an ad for booking sites appear in their Facebook timeline, has that person actually consented to share their data? It will be interesting to see how the ECJ rules on specific examples, such as this one.

Last month, there was quite a lot of noise over the US courts ordering Microsoft to allow them access to data stored in overseas (in this case Irish) data centres. There is currently a proposal in the US for a Law Enforcement Access to Data Stored Abroad Act to limit the scope to US citizens of interest outside the United States. It does raise the question of whether actions such as this by the US further validate the ECJ’s ruling and consideration of whether “Safe Harbor” is nearer any port in a storm.