Big Data Decision Against Facebook: Implications For Google, Apple and 5,000 Other Companies

The highest court in Europe has just dealt a big blow to companies like Facebook with their landmark ruling that the agreement under which personal data is passed from Europe to the U.S. is no longer valid. The decision by the European Court of Justice (ECJ) that the “Safe Harbor” agreement doesn’t excuse regional watchdogs from ensuring that European data is kept secure after it is transmitted to the US could be expensive for big business. But it could also be a big step in the right direction for those of us who believe that data security is vital in the Big Data age.

The case was brought by Austrian Max Schrems, who is reported to have grown concerned about what was happening with his data which was being sent to the US by Facebook, after hearing the revelations of Edward Snowden.

Mr Schrems asked the regulators in Ireland, where Facebook’s EU operations are based, what assurances could be given that his data would not end up in the hands of the US security services. Security services such as the NSA, which according to Edward Snowden, were routinely carrying out mass surveillance on European as well as US citizens based on their social media use, and many other avenues of covert investigation.

When those regulators effectively told him that the “safe harbor” agreement meant they were excused from carrying out any due diligence, he took his concerns to the High Court in Dublin, which referred them to the ECJ – leading to this weeks ruling.

Until this week, the safe harbor agreement basically meant that it could be taken for granted that the big US tech giants like Apple, Google and Facebook had adequate security arrangements in place to protect the privacy of EU citizens when their data was transferred from the EU to the US.

Following yesterday’s ruling this is explicitly no longer the case, and businesses which transfer data – around 5,000 do so under the agreement - have a legal responsibility to make sure that it is not used outside of the agreed terms and conditions it was collected under.

So what does this mean? Well, having spoken to a number of businesses affected, the general feeling is that it is going to involve quite a bit more paperwork. And having spoken to a few lawyers specializing in data privacy - for them it is going to involve being paid quite a bit more money!

Like all rulings, however, it’s a two-way street – not merely affecting the tech giants which collect data in the EU and send it to the US for storage and processing.

The ruling requires that any bodies – not just US tech giants - which export data overseas outside of the EU take sufficient steps to ensure that the privacy rights of those who the data belongs to are not violated. This could include the fast growing number of businesses based in the EU which use US-based cloud computing services such as Amazon Web Services to host their data and run analytics.

From now on, it appears that organizations in the US and EU which transmit data between themselves will have to draw up legally binding contracts outlining the steps which will be taken to keep the data secure, and identifying who will be liable if breaches occur. As an alternative, particularly in the case of giants like Facebook, it could mean moving more of their data processing operations into the EU, to avoid having to cross international borders with the data in the first place.

For those of us – like me – who believe that privacy and self-ownership of personal data is a fundamental right, this is largely an encouraging move.

It is good to see that the central European courts are willing to stand up to the corporate might of the tech giants in order to protect the rights to privacy of their citizens. Facebook, the company widely perceived to be at the center of the issue, has categorically denied that it allows the US Government to snoop on data it holds without regard for due process – as alleged by Snowden. However a growing amount of evidence seems to be suggesting that this snooping is going on anyway, with our without their consent, so it’s hard to have confidence that this data is secure. This week, the judgement of the ECJ made it clear that it considers the US Government would always place its own interests over the privacy of EU citizens. And, to be fair, why shouldn’t it? It’s clearly the responsibility of EU authorities and watchdogs to protect EU citizen’s rights – this is what the judgement really clarifies.

And beyond the issue of Government snooping, there’s the question of security against those who go after our data without even the pretence of officialdom or law enforcement. Hackers have accessed and stolen data relating to hundreds of millions of individuals in recent years, and the biggest targets of these thefts have all been US-based, multinational corporations which transmit personal data between continents.

This ruling isn’t going to lead to Facebook shutting down services as has already been suggested by some commentators. It is going to lead to a bit more paperwork, and the lawyers will inevitably get a little bit richer. It basically reaffirms that the responsibility of ensuring data protection standards are met is with those who are profiting from the sharing of our data, as well as the local regulators which keep watch over this sort of business activity. In the long term, this is likely to be of benefit to all of us.

What are your views on this issue? Please share them in the comments below...

I regularly write about management, technology as well as the mega-trend that is Big Data for LinkedIn and Forbes. If you would like to read my regular posts then please click 'Follow' and feel free to also connect via Twitter, Facebook and The Advanced Performance Institute.

Here are some other recent posts I have written:

• What is Big Data - A complete overview
• Big Data: 20 Mind-Boggling Facts Everyone Must Read
• 3 Ways The Internet Of Things Will Change Every Business
• Windows 10 - Microsoft's Big Data-grabbing (or spying?) OS

About : Bernard Marr is a globally recognized expert in big data, analytics and enterprise performance. He helps companies improve decision-making and performance using data. His new book is Data: Using Smart Big Data, Analytics and Metrics To Make Better Decisions and Improve Performance. You can read a free sample chapter here.

Image: Yeamake / Shutterstock.com