Big data. Data flows. Data transfers. Safe harbor. Model clauses. Privacy Shield. A bit like 'data protection bingo', these are just some of the terms that have been bandied around in the media over the last few months.
The ripple effect of the ruling between Mr Schrems and Facebook could be about to cause more than a ripple in EU to US data transfers as the Irish Data Protection Commissioner plans to refer a case to the Court of Justice of the EU. This time it focuses on whether Facebook can use standard contractual clauses that are generally accepted to legalise the transfer of data to the US.
Many companies, and in particular the household tech names, rely on cross Atlantic data flows so this is big news. If these clauses are also struck down, many businesses will be looking at how they can legitimise and legalise their transfers, or looking at what other organisational changes may need to happen to safeguard the business and data.
The key here is whether the model clauses fall down on the same issue as with safe harbour - do the clauses prevent mass surveillance by US authorities?
A colleague of mine alikened it to the story of the three little pigs. Was safe harbor the straw house? Are the model clauses the wooden house? Will the much heralded/maligned US-EU Privacy Shield eventually become the brick house we can all (as businesses and data subjects) seek solace and safety in? Can anything change without a change to US legislation?
Time will tell, but for now it's certainly an area we all need to keep on top of.
Eduardo Ustaran, CIPP/E, said “The prospect of the standard contractual clauses being declared invalid is the Armageddon of lawful global data flows.”