Safe Harbor struck down: no consequences for AB Tasty’s customers as solution completely conforms to European legislation
On 6 October 2015, the European Court of Justice (ECJ) struck down the European Commission’s 2000 decision that the Safe Harbor agreement offered an adequate level of protection for personal data sent to the US from the European Union.
In its decision, the ECJ declared the transatlantic data protection agreement implemented in 2000 invalid, as it does not sufficiently protect users.
The Safe Harbor agreement of 26 July 2000 allowed American companies to self-certify that they applied EU data protection norms. More than 5,000 American businesses “self-certified Safe Harbor” will have to find a new solution to continue doing business within Europe.
What does this mean in practice?
What was the Safe Harbor agreement?
European privacy and data security regulations do not allow for personal data to be transferred from the EU to an outside country, unless that country offers a sufficient level of protection. The Safe Harbor agreement, which is entirely based on American businesses’ self-certification, consequently helped them transfer their customers’ European data to their servers located across the Atlantic.
The situation today
With the ECJ’s ruling, transferring data from Europe to the United States will no longer be considered as respecting current European regulations if they base their actions only on the data recipient’s Safe Harbor certification, and will therefore be illegal.
As a result, any European citizen can sue any company if they have the impression that it does not offer sufficient protection of his or her personal data, under EU directive 95/46/CE from 1995, and particularly if this company transferred their personal data to the United States based on the 2000 Safe Harbor agreement alone. Therefore, a European company having used an American service to store its customers’ personal data could be the target for lawsuits. Services for accounting, HR management, cloud hosting, CRM, data collection, and online marketing are particularly concerned.
What about AB Tasty?
If you are already an AB Tasty customer, your and your clients’ data from your test and personalisation campaigns are safe and the ECJ’s ruling striking down the Safe Harbor agreement will have no impact in using our services.