EU Court Rules ‘Safe Harbour’ Invalid

By ISBuzz Team
Writer, Information Security Buzz | Oct 15, 2015 08:00 pm PST

The European Court of Justice has ruled that the ‘Safe Harbour’ agreement that allowed the transfer of European citizens’ data to the US is no longer valid. The EUCJ ruled that the agreement that went into force in 2000 was invalid because it does not adequately protect consumers in the wake of the Snowden revelations. This means that American companies such as Google, Facebook, Apple and Microsoft can no longer rely on self-certification and must seek to strike “model contract clauses” in each case. These agreements authorise the transfer of data outside of Europe. Ken Westin, senior security analyst, Tripwire, discusses the effects that this ruling will have on US businesses.

Ken Westin, Security Analyst for Tripwire:

“This decision is an example of how national cybersecurity policies can have a significant effect on businesses, who are essentially caught in the middle through no actions of their own. The core argument under the Safe Harbor scheme is that the country ensures an adequate level of protection of the data, but public authorities have the ability to supersede these protective rules through both policy and technology.

A new or amended agreement may need to be established in order to avoid putting the onus on individual companies, as transferring personal data out of a region without approval can put a company at legal risk.”

About Tripwire

Tripwire is a leading provider of advanced threat, security and compliance solutions that enable enterprises, service providers and government agencies to confidently detect, prevent and respond to cybersecurity threats. Tripwire solutions are based on high-fidelity asset visibility and deep endpoint intelligence combined with business-context and enable security automation through enterprise integration. Tripwire’s portfolio of enterprise-class security solutions includes configuration and policy management, file integrity monitoring, vulnerability management and log intelligence.