“The Court of Justice declares that the Commission’s U.S. Safe Harbour Decision is invalid.”
The Safe Harbour arrangement has been in place since 2000. It was formalized by the European Commission’s Safe Harbour Decision (2000/520/EC), and permitted the transfer of personal data of
Europeans to the U.S., to companies that are self-certified under the Safe Harbor Privacy Principles
and registered with the U.S. Department of Commerce.
Last Tuesday, in a landmark judgment, the European Court of Justice – Europe’s highest court – declared the Safe Harbour Decision invalid. At present, it is not yet fully clear what the consequences will be of this judgment of the ECJ. What is clear, however, is that data should no longer be transferred to U.S. organizations solely on the basis they are Safe Harbour-certified. Companies that transfer personal data from the EU to the U.S., or rely on the processing of personal data in the U.S., will need to review their data flows for compliance with EU data protection law. They will likely need to consider alternative cross-border transfer solutions, e.g. by applying binding corporate rules, EU model contract clauses and/or obtaining individual persons’ consent for the transfer of their data. That operation will be time consuming and expensive. All this could potentially have serious implications for cloud hosting providers and their customers, who are suddenly faced with data residency issues.
EU court strikes down trans-Atlantic ‘safe harbor’ data-transfer pact. Decision will affect around 4,500 companies. http://t.co/Xn4TxivBAz
— Wall Street Journal (@WSJ) 6 oktober 2015
So will the ECJ’s judgment affect LeaseWeb’s business operations or the provision of services to companies that rely on us? We do not expect it to do so, because of the manner in which our business is set up.
The LeaseWeb brand was founded 18 years ago in the Netherlands. Over time, the brand expanded to other countries. First Germany, then the U.S., and most recently to Asia. During this expansion, privacy and data protection requirements were of the utmost concern. That’s one of the reasons why we chose to set up legal companies in each of the countries to which we have expanded. Each such local services company is a separate and distinct entity that provides services in a particular geographic area. More information can be found on www.leaseweb.com/en/legal. The separation of the LeaseWeb services companies is further ensured by certain other measures such as, for example, the facts that:
- Each LeaseWeb services company has its own data centers, offices, employees and other assets. They even have their own, fully separate LeaseWeb Cloud platforms. This for example ensures that none of the LeaseWeb services companies holds any control over the data of another LeaseWeb services company.
- The individual LeaseWeb services companies don’t have access to the data of customers not contracted with them, as their internal IT-systems are fully separated. This makes it impossible for an employee of one LeaseWeb services company to comply with a request for data with respect to a customer of another LeaseWeb services company.
These strategic decisions ensure we can continue to host your data at the same level of service you are used to – now, and in the future.
LeaseWeb is the brand name under which the various independent LeaseWeb companies operate. Each company is a separate and distinct entity that provides services in a particular geographic area. LeaseWeb Global Services B.V. does not provide third-party services. Please see www.leaseweb.com/en/legal for more information.