Tech Companies are Seizing on the Collapse of the Safe Harbor Agreement

November 17, 2015, 8:52 PM UTC
european union 3d illustration
Photograph by Getty Images/iStockphoto

In the time-honored tradition of not letting a good crisis go to waste, U.S.-based technology providers seized on the recent collapse of the Safe Harbor agreement to announce new products, services, and data centers on the other side of the pond—and to pen articles about the impact of the change.

On October 6, the European Court of Justice ruled that the 15-year-old agreement that allowed companies to ship customer data between the E.U. and the U.S. without prior customer permission violated the privacy rights of those customers. In its bombshell decision, the court cited that the U.S. does not provide sufficient protections for personal data and scrapped the agreement. The parties were given three months to come up with something new. Tick tock.

Within weeks of the meltdown, Santa Clara, Calif.- based Syncplicity announced plans to let customers store data in the E.U., Amazon (AMZN) Web Services said it would open a new cloud services region in the U.K. next year; Microsoft(MSFT) said it was adding two Azure data center facilities in the U.K. and two more in Germany. In the latter case, Microsoft made a point of saying that its partner Deutsche Telekom, not Microsoft itself, will hold the keys to data belonging to German nationals.

To be fair, while there was a flurry of press releases after the Safe Harbor collapse, most of these plans were in the works well before that and probably even before Edward Snowden’s bombshell disclosures of National Security Agency snooping on private citizens two years ago.

After the September 11, 2001 terrorism attacks on the U.S. and the subsequent the USA Patriot Act, which gave intelligence agencies sweeping investigative powers, E.U. telcoms, cloud companies, and other tech providers pushed for protectionist “national” clouds that would keep E.U. data beyond the reach of the NSA. (At least in theory.) That effort was definitely not lost on Amazon, Salesforce(CRM), IBM (IBM), Microsoft, and other companies, all of which built up additional European facilities.

Paul Sherrell, head of partnerships for U.K.-based Premiership Rugby, said the company had used U.S.-based providers to store data. But in the past few months switched to store it with Intralinks, in part because that company could store the Premiership Rugby’s information in the U.K.

“Before, we didn’t mind where the data was stored,” Sherrell said via email. “We share sensitive information about our intellectual property, brand guidelines, TV, and audience data plus commercial contracts, which obviously contain sensitive information—it’s become a pressing issue.”

Sherrell is happy the company was ahead of the Safe Harbor meltdown, but there was already significant concern about controlling access to data and making sure it complied with all relevant regulations, he said.

That jibes with what Gartner (IT) Europe managing director Carsten Casper has noticed. “I’ve seen providers shift—or replicate—operations to Europe for several years, initially because of the Patriot Act and later because of the NSA/Snowden revelations,” he said via email.

Big customers should not panic about Safe Harbor implosion since it was just one mechanism for transferring personal data across the ocean, Casper added. Most companies are now writing language about data transfer into their contracts.

That’s not to say there isn’t a deeper problem here, which is one of trust. In the wake of spy agency surveillance—which by the way is practiced by many countries—tech providers of all sizes need to win back the confidence of customers who worry that agency-requested back-doors might give governments or even non-state-affiliated hackers access to their crucial data.

For more coverage from Barb follow her on Twitter at @gigabarb, read her coverage at or subscribe via her RSS feed.

And please subscribe to Data Sheet, Fortune’s daily newsletter on the business of technology.

Read More

Artificial IntelligenceCryptocurrencyMetaverseCybersecurityTech Forward