With the ECJ’s ruling, Safe Harbor and, more broadly, the practice of U.S. companies processing E.U. data have finally been recognized to be as unsafe as we’ve always thought.
It finally puts people’s fundamental right to privacy before profit. This has long been needed. The ruling clarifies that mass surveillance is a violation of fundamental human rights. Governments and businesses can no longer ignore our fundamental right to privacy, but must abide by the law and enforce it.
This ruling affects the whole US cloud business in the EU. It means the US and EU will have to renegotiate a data sharing agreement. For companies to continue operating across the Atlantic, the EU will either have to bend to the US, or the US will have to draft stronger data protection laws.
EU member states and businesses need to find sustainable solutions to implement the European court’s judgement. Countries can choose to suspend the transfer of data to the US — forcing companies to host user data exclusively within the country.
Individual European countries can now set their own regulation for US companies’ handling of citizens’ data, vastly complicating the regulatory environment in Europe. As a result, cloud users and service providers could face dozens of different regulatory environments in Europe.
Online services are widely adopted and trusted only when effortless and private
We believe that trust is more important than ever before in today’s data-driven world. Especially now, in the post-PRISM landscape, open source software delivers crucial benefits: transparency, security against backdoors, and freedom of choice.
To ensure privacy long-term and to keep the flexibility to align business strategy with the right technology, we outlined four commandments organizations and consumers should follow when they choose an Internet service:
A service must be available from many providers
If a service is only available from one provider, a user cannot choose the one they trust and is left with little to no choice or freedom. Even if a provider is trusted today, this could change over time.
It must be possible to move data between services
Moving from one service to another usually also requires moving the data with it. As long as services are based on standards, like mail or files, this is obvious and relatively easy. But already, proprietary messaging services make it impossible to take the messaging history to another service. Even worse are cloud services with proprietary data formats. So while one can move their data, the data becomes useless, because no other service or software knows how to deal with it.
The service must also be available as software
While using a service provider could make sense today, this may change over time. At some point an organization may want to become its own provider by in-sourcing the service, or run it in a private cloud environment. Therefore, the software of the cloud service must be available.
The software should be available in source code to everyone
Even with the software available, if it is proprietary it still requires a high degree of trust in the software supplier. What if that trust is broken? If the software is open source, such trust is not required, as the supplier provides full transparency of what the system does by showing the world what it is made of. Everyone can audit the code and backdoors become impossible over the long run.
Click here to learn more about what OX is doing to safeguard privacy, protect user data and keep the Internet ruthlessly open.