BCS calls ruling on safe harbour a ‘wake up call for global digital business’

7 Oct 2015 10:48 AM

Every digital business needs to fundamentally rethink its attitude towards personal data, says BCS, The Chartered Institute for IT, following yesterday’s ruling by the European Court of Justice on the Schrems case which challenged the legality of the Safe Harbour agreement allowing US corporations to transfer European data to the US.

David Evans, Director of Policy said: “Doing business online is synonymous with doing so internationally, and as an industry we’ve treated personal data like any other corporate asset, retrofitting the legal environment to enable that. This ruling needs to be understood in a broader context, as a signal of how fundamentally we need to operate differently.”

At this point, it will not be clear how many organisations moving personal data across US/EU borders will be able to immediately comply with this ruling, as infrastructure may be fundamentally designed to ignore these boundaries. This could cause a wide array of cloud service providers to have to re-engineer their core systems in a fundamental way, or at the very least to invest heavily in EU-based data centres.

David continues: “PRISM and Snowden may appear to be the story, but what is more fundamental is that we’ve failed to design our personal data ecosystem around the people who have the biggest stake in that data; the subject. Lawmakers and corporations have been struggling in a tug-of-war for control over this issue, but what’s needed is a revolution in how we deal with personal data.

“People should have individual control over their data, with an industry there to enable that control, just as the banking sector empowers us to hold and transact our money. If the technology sector operated this way, then infrastructure would be designed very differently and we wouldn’t be facing this issue. And this issue is only the first to come.”

BCS recognises the importance of governments protecting the interests of their citizens; national security organisations need to have lawful covert access to data.

David adds: “It is important that these agencies are empowered not only by freedom to carry out their mission, but also given clear limitations and oversight that protect them from criticisms either for use of unclear powers or a failure to do so.”

Contact the Press Office