ECJ Safe Harbour Ruling

The European Court of Justice (ECJ) has declared the Safe Harbour framework invalid

ECJ Safe Harbour ruling highlights need for transparency from Cloud Services Providers, says Outsourcery

The EU Safe Harbour ruling highlights the need for businesses to understand the data transfer agreements their service providers have with suppliers in other countries, says Outsourcery. Organisations need to look for service providers that are transparent on this issue to ensure continuing and strong relationships with their chosen supplier.

The European Court of Justice (ECJ) has declared the Safe Harbour framework invalid, which has provided a way for US companies to transfer data from Europe to the US since 2000. The ruling will mean that European countries can now enforce their own protocols for US companies’ handling of their citizens’ data. Affecting not only personal but also enterprise data, many companies may be nervous about what this ruling will mean for the cloud or communications services they receive from various suppliers and the continuing privacy and security of their data.

James Henigan, Chief Operating Officer at UK-based Cloud Services Provider Outsourcery, states: “Businesses that are concerned about data protection and privacy should consider who they procure services from. Specifically, they need to be aware what data transfer agreements their suppliers have in place with businesses in other countries. As such, many companies find it reassuring to deal with a UK company that is not a subsidiary of an overseas business or has agreements in place for the transfer of data to other countries. This is typically not true for any of the global public cloud providers.

It’s clear that many UK companies are not comfortable with the terms of how their data can be used when looking to utilise cloud services; suppliers need to make this much clearer.
James Henigan, Chief Operating Officer at Outsourcery

Don’t forget that the Safe Harbour framework was introduced to allow US companies to self-certify that they provide ‘adequate’ privacy protections to citizen or customer data. If a customer is contracted with such a company, they now need to understand what the scope of this self-certification is and if they are satisfied with it. A company’s data privacy is of utmost importance, so it’s in their interest to fully consider the terms their provider is bound by in handling their data.”

UK-based Outsourcery provides a full range of pure-play cloud infrastructure and software services, including Skype for Business and assured cloud for the UK public sector. Working with a wide variety of customers from NHS trusts, to small businesses and FTSE 100s, its datacentres are wholly located in the UK and as such Outsourcery is able to offer total data sovereignty, being fully compliant with the Data Protection Act of 1998.

Henigan concludes: “We make it clear to our customers where their data will be processed and stored, ensuring full transparency at every stage. Businesses need to make sure that their own providers let them know exactly where they will be transferring their data, ensuring a relationship built upon trust and transparency.”


For more information, contact