The European Union Safe Harbour agreement with the USA has been making headlines recently, after the European Court of Justice ruled the decision invalid. Making reference to secret data gathering programs that have recently been uncovered in the United States, the ruling questions the safety measures put into place to protect customer data held on servers located in America. This has repercussions not only for organisations storing customer data, but for researchers too.
The Safe Harbour Ruling
The following transcript is quoted from the EU Parliament website:
“The 2000 Safe Harbour agreement allows companies to transfer European citizens' private data to the US if they vouch for adequate privacy protection as set out in the agreement. More than 4000 companies currently use Safe Harbour for the transfer of data, including firms like Facebook, Google and Microsoft.”
“Following a complaint by Austrian citizen Max Schrems, the European Court of Justice declared on 6 October that the Commission's Safe Harbour decision is invalid. In his complaint, Mr Schrems argues that the Snowden revelations of the NSA data collection programme PRISM, which sees EU citizens' data held by US companies passed on to US intelligence agencies, calls into question the adequacy of the data protection provided by Safe Harbour.”
What Does This Mean for You?
The short answer to this question is: it depends. Predominantly, whether you are affected by this ruling hinges on whether your participant data is stored on European or United States servers. All of our data is hosted in the EU – meaning that it is adequately protected by European privacy regulations. Our data is never transferred into or out of Europe either. So if you conduct online market research with FlexMR, don’t worry – the Safe Harbour ruling will not affect your data.
If you use a different research agency, the Safe Harbour judgement may affect your data. This is dependent on where the agency stores your participant data. If your participant or customer data is stored within the EU then it is still considered adequately protected under European law. However, if your research agency hosts data on (or transfers it to) US-based servers, then the recent ruling calls into question the adequacy of privacy laws protecting your data.
It is important to note that this does not necessarily mean your data has been passed on to third parties or intercepted. It does mean that your data is more vulnerable to such attacks, and is not protected to the same standards as it would be within the EU.
What Can You Do About It?
If your research agency does store your data in the US, then you have a couple of options. The first, and easiest resolution to reach, is to ask your research provider to move your data to European-based servers. Should you encounter any difficulty with this, then either consider hosting the data yourself (if you have the capabilities to), or switching to a research agency that does host data within the European Union.
In the wake of the recent high-profile data breaches, it is important not to take any risks with your customer or participant data. The data that researchers hold is highly sensitive and confidential – and a privacy breach can hugely influence consumer confidence. You can never be too vigilant with your data. The Safe Harbour ruling highlights the growing awareness of data security and how crucial it is to take every precaution to safeguard your customers.
Louisa is a self-described Info Sec Warrior, who has been key to FlexMR obtaining the ISO 27001 and Cyber Essentials Plus certifications. She is responsible for our information and data security processes, using her extensive knowledge of market research and attention to detail to ensure that we provide the highest level of security possible. You can follow Louisa on Twitter.