In a ruling that could cause mayhem for US cloud companies, the European Court of Justice is due to rule tomorrow, Tuesday 6th October, if using US cloud providers is illegal.
When the EC published its EU Data Directive in 2000, a concession was made so that US companies, where data protection is not enshrined in law, could continue to hold data on EC citizens provided that it complied with rules codified in the “Safe Harbor” agreement negotiated as a concession at that time. Many people have been concerned that Safe Harbor compliance is weak and not properly monitored, and revelations by Edward Snowden showed US agencies regularly ignored Safe Harbor. Indeed, Microsoft is currently resisting a court order in the US to provide data held on its servers in Ireland.
After years of frustration with the US, the European Court of Justice is now set to rule whether the Safe Harbor exemption will be allowed to continue. If it rules that the Safe Harbor exemption is no longer valid then it will be illegal to store data on EC citizens in the US, indeed anywhere other than within the EC.
The effects of such a ruling will be disastrous for all US cloud companies, including CRM vendors such as Salesforce and Zoho. Their EC customers will be breaking the law if their Safe Harbor exemption is revoked.
Criticism of Safe Harbor has been rumbling now for over a decade, and the US government has done little to reassure anybody that EC data is safe in the US. But the ruling tomorrow may come out of the blue and there is every indication that after years of frustration, the EC may pull the plug on US cloud vendors overnight.