An EU court struck down a deal to let US and European companies easily transfer personal data between continents and it could mean some US tech companies frozen out of the market or replaced by EU rivals.
Coupon company RetailMeNot and security software outfit Symantec said a European change to rules governing transatlantic personal data transfers would hurt US companies and called for a quick fix.
A quick fix is unlikely. The EU seems in no mood to fix a law that the US broke by spying on EU businesses, citizens and politicians.
Big Tech giants like IBM are less likely to be effected because they can use a number of different legal arrangements they say will keep their data flowing.
Midsize companies including document management company Adobe Systems, design software maker Autodesk and coupon company RetailMeNot relied on Safe Harbour.
Adobe said it was “evaluating options” to transfer personal data between continents and Autodesk also said it was evaluating the decision.
Symantec said it has mechanisms in place to legally protect data transfers, but the uncertainty following the ruling has made it difficult for such companies to determine their next steps and how much business might be lost.
The company said that setting up data servers in Europe would not solve anything as you can’t isolate the flow of data only within one territory or jurisdiction. Data storage without processing would not be enough.
The US Chamber of Commerce has warned that companies could create new agreements with their customers in the European Union, but the lack of clarity and high costs could leave smaller firms with a “disproportionate share” of the burden of new legal requirements.
On the EU side, companies are rubbing their paws with glee. The change could be an opportunity for European companies like Orange and Deutsche Telekom to take business from U.S. companies.
Customers, both private individuals and businesses, will have to reassess their data plans and to look at storing their data within Europe, a source close to the company said.
IBM, Facebook, Google and Amazon will have to face additional legal arrangements such as “model clauses” which set privacy standards between the sender and receiver of the data and allow them to continue data transfers.
Some have agreements with European users who consent to having their data transferred to the United States. Facebook, for example, has a registration process that allows it to obtain consent from users when they sign up for the service.