You Don’t Have to Be a Tech Giant to Navigate the End of Safe Harbor
A sovereign cloud strategy mitigates privacy restrictions that prevent Europeans from using services
By: Ken Simpson
Dec. 4, 2015 03:00 PM
For the last 15 years, companies operating in the United States and Europe have benefited from Safe Harbor - a streamlined process that allowed U.S. companies to transfer and store European citizens' data in the U.S., provided that they adhered to a level of privacy protection set out in European standards. Recently, however, an Irish court has ruled, in a case brought by an Austrian citizen concerned about how Facebook was handling his private data, that the Safe Harbor agreement is inconsistent with European privacy law, as it did not require all organizations entitled to work with EU privacy-related data to comply with it. The court's decision means Ireland's Data Privacy Commissioner must review the merits of the case and make a final determination about whether Facebook is allowed to transfer private data from its European users to the United States. In the meantime, companies that had relied on the Safe Harbor process can no longer do so. In today's data-centric business world, the ruling comes as a blow to thousands of companies operating at a global scale that are now faced with navigating new, complicated individual standards across multiple regions.
Tech giants like Microsoft, Google, Amazon and Netflix have assured customers that the ruling won't impact their ability to continue to provide services as usual. However, the same isn't necessarily the case for smaller players that have relied on Safe Harbor to grow their business and cultivate an international customer base. In fact, The Internet Association, an alliance made up of some of the biggest names in tech, stated that while large enterprises have put the proper mechanisms in place to prepare for any end of Safe Harbor, "smaller companies and consumers" across both continents could "experience significant challenges going forward."
Now the question for these smaller companies is, "How do we continue to operate globally and comply with more than 20 disparate standards, when we lack the ability to allocate the same level of time and resources that large companies have?" One potential solution companies may initially consider is coding - having programmers rewrite code so that it treats users differently based on IP addresses in order to meet compliance standards by region. While it would address the individual need to meet privacy standards specific to each nation-state, the solution stands to cost tremendous amounts of time, money, and mental energy.
Novatrend, a Swiss-based web-hosting company, is subject to strict privacy compliance laws due to its location. Swiss data privacy law makes it difficult for Swiss companies to outsource data processing to foreign-operated services. In 2014, Novatrend was looking for a service provider to handle its outgoing email delivery (small providers often outsource email delivery because it's a challenging service to offer in-house). But Swiss data privacy law prevented Novatrend from sending its clients' email outside of Switzerland for processing. This situation is similar to the one many service providers will now encounter with the end of Safe Harbor. Novatrend initially contemplated outsourcing email delivery to Canada-based MailChannels; however, the physical location of MailChannels' email processing infrastructure in the United States presented a problem.
To solve the problem, MailChannels set up a small "sovereign cloud" of email processing servers within Novatrend's own data center in Switzerland. With this small change, Novatrend was able to send its email through the sovereign cloud within its own data center, where it is processed using MailChannels' proprietary email delivery and anti-spam technology. As a result, Novatrend now gets the exact same benefits it would get if the data were being processed in the United States, while maintaining its adherence to Swiss data privacy laws, since the email data is kept within Switzerland while being processed.
Many non-European cloud application providers and Software-as-a-Service (SaaS) providers should probably consider a sovereign cloud strategy as a way of mitigating privacy restrictions that prevent Europeans from using their services. They may not have to move everything to Europe, maybe just a small part - the part of an operation that actually stores and processes European citizens' data. For many applications, that means just moving a database to Europe, but keeping the command and control aspect hosted in their country of origin. The sovereign cloud approach enables providers to continue operating globally without heavy infrastructure investments, while reducing the potential of violating privacy laws with the end of Safe Harbor - and any other changes in privacy coming down the pipe.