In our last Data Protection bulletin, we considered the impact of the ruling by the CJEU which struck down the US Safe Harbour arrangement as unlawfully breaching EU privacy rights. Organisations currently assessing the impact of this decision on their data practices, will be interested to note the recent announcements by cloud service providers such as Microsoft and Amazon that they are opening data centres in the EU in order to keep data within Europe.
Discussing Microsoft’s plans for a UK based data centre, Scott Guthrie, Microsoft’s cloud enterprise group chief, said that the move would increase cloud service uptake, as well as reduce data privacy concerns. Microsoft’s CEO, Satya Nadella, has said that expansions to existing data centres in Ireland and the Netherlands had also been completed, and that the work would “fuel the next generation of cloud computing”.
Following the court's ruling on Safe Harbour, a German privacy watchdog has also challenged the validity of data transfers to the US using the method of European Commission approved model contract clauses. These developments have increased the attractiveness of the creation of European data center infrastructure as a solution.
In addition to the remedy of moving previous US based data centres to the EEA, there are other options which enable companies to lawfully transfer data to the US, as set out in our earlier article. As a first step, organisations should risk assess their data to determine what they hold and where it is being transferred in order to determine which solutions best fit their business.