EU Court Ruling Could Lead To A “Standstill” On Data Transfers

News, Opinion, Regulation | July 16, 2020 By:

The European Court of Justice is expected to publish its decision today on the use of the European Commission’s Standard Contractual Clauses for international data transfers outside of the EU. The court will decide whether a widely used tool for moving data from within the bloc to outside countries is legal. Depending on the outcome, U.S. companies may need to brace for tougher restrictions on importing data from the European Union.

Some emerging technology leaders have shared their thoughts and predictions for how data transfers might be impacted, as they continue in their endeavours to make the process more secure and seamless.

Erick Pinos, America’s Ecosystem Lead at Ontology, the high performance public blockchain and distributed collaboration platform said: 

“While the ruling would affect any company that holds user data, even something as simple as users’ emails for a newsletter, it will likely hit social media, e-commerce, and search engine companies the hardest as they handle the most user data. Removing the existing data transfer policies through these rulings without having alternatives ready to replace them would lead to a standstill as many US-based companies may decide it would be easier to stop serving EU citizens altogether than risking getting flagged down for misusing EU data. It will be harder for users to use and benefit from many US-based services.

If tougher restrictions are imposed, US companies that can’t move data out of the EU would have to establish separate and independent operations in the EU for those markets. This is not ideal, and the longer term solution to maintain the flow of data would be for companies and regulators to negotiate and put in place smarter mechanisms for data transfer, use, privacy, and storage. For example, new policies could allow for companies to transfer data from from the EU to the US while also tagging all transferred data so that it can be deleted or corrected on request by EU citizens covered under GPDR. Smarter mechanisms like these allow for companies to continue building up the global data market while also complying with the different protections given to users in varying jurisdictions.”

Adam Traidman, CEO of BRD, the most secure mobile cryptocurrency wallet, said:

“The world has been moving in a direction to tighten regulations around user data for the past few years. Companies should certainly have backup plans for transferring data. Keep in mind, this is not just about user conversations in messaging apps, but all and any user data. For example, this also applies to the transferring of company user data such as payroll information and other HR data, as Thomas Boue of the BSA Software Alliance has mentioned. International companies in particular should always have a backup plan.”

Paul Madsen, Technical Lead at Hedera Hashgraph, the public, enterprise-grade distributed ledger, said:

“Consent is fundamental to EU privacy regulations like GDPR. And a citizen of the EU should expect that any sharing of their data outside the EU should also be governed by their consent. EU citizens could be provided the necessary confidence by requiring that non-EU recipients make an explicit commitment to specific obligations with respect to the PII they receive. Any such commitment would be more trustworthy if it were made in a manner that could not be later refuted. One way to achieve this level of trust is have the commitments be effectively notarized by a decentralized timestamping service such as Hedera Hashgraph provides. In this model, it’s not the PII that flows in/through a Distributed Ledger Technology (DLT), but rather details of the privacy-respecting mechanisms and processes by which the PII will be stored, secured, and used.”