On October 6, 2015 the European Court of Justice declared that Safe Harbor alone is no longer considered adequate privacy assurance by itself for customers requiring EU’s data protection of personal data. Media ran to the presses with the issues this might entail for European customers of US-based data holdings, however the UK Information Commissioner was quick to state “Keep calm, Safe Harbor is not the only route.”
To ensure our customers know what privacy assurance is available now and what we are working on, we have updated our Privacy overview page on our Trust site. We are strong advocates of your privacy and believe these efforts will help to ensure you remain in compliance with EU law.
Though Privacy is not called out as a specific fundamental right in the United States today, as it is by the EU, this is an area of active change as evidenced by the recent passage of the California Electronic Communications Privacy Act (CalECPA). Previously, California privacy law did not cover electronic devices or digitally stored information, so now a warrant is required for the government to access electronic information – a step the EU considers the right direction.
Bottom line, some customers might want to utilize mechanisms in the short-term to help fulfill privacy regulation requirements such as Consent, EU Model Clauses, and even deployment models. Esri plans to support Safe Harbor 2.0 when it is released to ensure we can all work together in the most effective manner and provide assurance to the privacy and security of our customers around the globe.
– The Security Standards & Architecture Team
References:
Esri’s Trust site Privacy Summary
EU Model Clauses
EU FAQ’s To Understand Personal Data Transfer Requirements
Overview of new CalECPA Privacy Law
Article Discussion: