Privacy ‘safe-harbour’ and Australia

 – not safe enough?

The decision by the European Court of Justice to declare the Safe Harbour arrangements between the US and EU invalid will have interesting repercussions not only for European citizens and companies such as Facebook and Google, but also for countries that increasingly rely on selling services overseas like Australia and New Zealand.

The decision was made as result of a case brought by Austrian citizen Maximillian Schrems on the use of his data by Facebook and in particular the practices of the US government as revealed by Edward Snowden.

This judgment has the consequence that the Irish supervisory authority* is required to examine Mr Schrems’ complaint with all due diligence and, at the conclusion of its investigation, is to decide whether, pursuant to the directive, transfer of the data of Facebook’s European subscribers to the United States should be suspended on the ground that that country does not afford an adequate level of protection of personal data. http://curia.europa.eu press release 6 October
*Facebook European HQ is in Ireland

Safe Harbour, is an agreement that had been in place since 2000. It was supposed to give the protections to private data collected by multinational companies on EU citizens wherever it was stored. This allowed Facebook to store EU citizens’ data in the US or wherever it was most efficient, but required them to treat it to the EU’s standards, rather than the more relaxed US standards.

The judgement is an indication of the deep unhappiness in Europe with the US’s cavalier approach to non-US citizen’s data. The US’s binary approach to citizen rights makes many non-US citizens bristle. It is like the Pax Romana of the Roman Empire 2000 years ago.

This decision will not ‘destroy cloud’ in Europe or elsewhere. However, it will require some reorganisation. In this, it will hurt second and third tier players more than Facebook, Amazon and Google.

Moreover, the decision will not seriously curb mass surveillance. The dirty little (not so) secret is that all countries spy on their citizens for mostly good reasons, including the Europeans. It’s just that the US is better at it than most others.

When the big players jostle, smaller countries feel the waves.

For Australian organisations, not only those who hold EU citizens’ data, this decision should cause them pause for thought. Organisations that do not take privacy seriously, or only respect the privacy of a subset of their stakeholders, need to rethink their approach, if only in terms of the reputational damage of a breech in markets like the EU.

The Internet becomes less than one – Time for an International Law of Cyberspace

The Internet has never been one network for all, As much as some might wish, it is a motley collection of many nets with a very minimal governance. The main effect of this decision is to further balkanise the Internet in a similar way to content geo-blocking and country firewalls.

Smaller countries like Australia and New Zealand should be concerned. We need to be able to trade on an even playing field in services. And that means having an Internet that is common to us and our competitors, both in terms of technology and policy. We need common laws governing cyberspace as much as we need trade barriers on physical goods like rice to be reduced.

This is the time that Australia, New Zealand and similar countries should be pushing hard diplomatically for an international ‘Law of Cyberspace’ which achieves the equivalent that the conventions on the Law of the Sea  achieved for maritime commerce. It took 300 years for the Law of the Sea to come to pass and it’s still being updated – let’s hope that the law of cyberspace takes much, much less time.