This week on NVTC’s Blog, Host in Ireland’s President and Founder Garry Connolly discusses Safe Harbor, a policy agreement that regulated the way that U.S. companies export and handle the personal data of European citizens.


 In Nov. 2000, the United States Department of Commerce and the European Union established Safe Harbour, a policy agreement established between that regulated the way that U.S. companies export and handle the personal data of European citizens. This enabled American technology companies to compile data generated by their European clients in web searches, social media posts and other activities online.

In 2015, a major issue with the agreement is the collection of personal data that people create when they post something on Facebook or other social media, when they conduct searches on Google, or when they order products or buy movies from Amazon or Apple. Such data is invaluable to companies, which use the information for a broad range of commercial purposes, including tailoring advertisements to individuals and promoting products or services based on users’ online activities.

Safe Harbour, regarding data transfer, does not apply solely to tech companies or online retail, however. It also affects any organization with international operations, such as when a company has employees in more than one country and needs to transfer payroll information, or allow workers to manage their employee health benefits online.

So how did we get from data concerning your preference for wool socks over cotton or your interest in purchasing season four of “Game of Thrones” to controversial issues concerning Europeans’ privacy rights and U.S. national security interests?

As Helen Dixon, Ireland’s Data Protection Commissioner, pointed out in a statement issued by her Office, the issues dealt with in the decision by the Court of Justice of the European Union (ECJ) to invalidate the “Safe Harbour” system, under which companies transfer customer data from Europe to the United States, are “complex.” She elaborated, saying that the issues “will require careful consideration” and “what is immediately clear is that the Court has reiterated the fundamental importance attaching to the right of individuals to the protection of their personal data. That is very much to be welcomed.”

The ruling by the ECJ found that the Safe Harbour agreement is flawed because it allowed American government authorities to gain access to Europeans’ online information. The court said leaks from Edward J. Snowden, the former contractor for the National Security Agency (NSA), made it clear that American intelligence agencies had access to the data, infringing on Europeans’ rights to privacy.

The issue came to head when Max Schrems, a 27-year-old graduate student living in Austria, argued that Europeans’ online data was misused by Facebook because it cooperated with the NSA’s Prism program. Prism, in part, involved the U.S. Federal government’s collection of information on Europeans, gathered from the world’s largest Internet companies, in search of national security threats. An interesting side note is that Schrems originally filed his complaint with the Irish Data Protection Commissioner, since it is the privacy regulator for Facebook outside the U.S. because the Company’s European headquarters are located in Dublin. He eventually took his case to the Irish High Court, which referred it to the ECJ in July of last year. Following the ECJ judgment, the Irish court is expected to rule that the Irish Data Protection Commissioner must investigate his complaint properly and decide whether to suspend such data transfers.

As many large American tech companies have set up their overseas headquarters in Ireland, the Irish government has been supportive of Safe Harbour. However, Helen Dixon has begun discussions with her data protection counterparts in other European Union member countries to best determine how the ECJ’s judgment can be “implemented in practice, quickly and effectively” as it impacts European to U.S. data transfers, Host in Ireland is confident that procedures can be established that continue to support the thriving digital economy, respects individuals’ right to privacy, and ensures the safety and protection of our global community, both home and abroad.


 Interested in learning more about data protection? Join NVTC, Host in Ireland, and Helen Dixon for an event on April 7, 2016 at the National Conference Center. Please email marketing@hostinireland.com for details.

Share and Enjoy

  • Facebook
  • Twitter
  • Delicious
  • LinkedIn
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS

Notes from the Silicon Valley Cybersecurity Summit

September 23rd, 2014 | Posted by Sarah Jones in Guest Blogs | Uncategorized - (Comments Off)

NVTC is inviting members to serve as guest bloggers, sharing insights and information on trends or business issues relevant to other members. Kathy Stershic of member company Dialog Research & Communications shares her insights below.


I was fortunate to attend Silicon Valley Cyber Security Summit over the summer, where I spent four hours indulging in the subject. The panel discussions were excellent, bringing perspectives from security technology providers, pundits, the Department of Homeland Security, congressmen, senators and executives from the outstanding Silicon Valley Leadership Group (#SVLG).

The first discussion centered around progress to date with Obama’s Executive Order (EO) issued in early 2013, and the potential for more formal cyber policy or regulation coming from the Congress. The cybersecurity problem offers a rare opportunity for the public sector to lead in a critical technology domain, but all of the day’s speakers emphasized the requirement for public-private partnership in addressing the challenge. There has actually been some good news around the Cybersecurity Framework, an outcome of the EO being driven by NIST, in which participation is voluntary but to which 3,000 private sector representatives have actually contributed. While governments actively push such information to the citizenry, companies need to share a lot more about what’s happening to them, what they’re learning and how they’re defending themselves – competitive concerns are keeping this constrained to date. Still, some progress is being made.

One of the biggest eye openers was the claim by several speakers that the public is just not engaged in this issue and therefore practices poor digital ‘hygiene’. I found this surprising and uncanny in the aftermath of the Target and Nieman Marcus’s attacks last fall, and the Aug. 5 revelation that a Russian crime ring had stolen 1.2 billion user name and password combinations and more than 500 million email addresses.

Senator Saxby Chambliss (R-Ga.) extolled the virtues of his and Senator Dianne Feinstein’s (D-Calif.) Cybersecurity Information Sharing Act bill, which made it through the Intelligence Committee but still faces stiff opposition from privacy advocates. Everyone agreed that what would spur Congressional action would be a real crisis – a big attack that causes a real national issue. We hope that we don’t have to endure a crisis to make progress, however. It is also possible for Federal agencies like HHS, DHS, the SEC and others to impose cyber regulations within their domains – some are already doing so. And states are stepping up too, with a plethora of unique policies. Beyond the U.S., each country will have its own policies as well.

In my opinion, the core issue behind the discussion was trust – citizens don’t trust the government, businesses don’t trust each other or the government, and the government doesn’t trust other governments. One speaker even joked that in the Silicon Valley, the NSA is seen as an ‘advanced persistent threat.’  Everyone is waiting for a cybersecurity crisis, which I believe will sooner or later. Let’s hope later.

My next post will discuss the country’s shortage of skilled cybersecurity workers.


Contributed by Kathy Stershic, Principal Consultant, Dialog Research & Communications

kstershic@dialogrc.com

Share and Enjoy

  • Facebook
  • Twitter
  • Delicious
  • LinkedIn
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS