The decision by the European Court of Justice (ECJ) to suspend the ‘safe harbour’ transatlantic data-sharing deal could have huge ramifications for businesses on both sides of the Atlantic when it comes to data privacy in fraud prevention.
The agreement, which allowed the transfer of personal data of European citizens to organisations in the US, had been active since 2000. It has now been judged invalid because it does not enable data protection watchdogs in Europe to intervene on the behalf of citizens who complain that their privacy has been infringed.
Technology businesses, including ecommerce merchants, who hold or process the personal data of EU citizens in the US, will have to review their data processes and consider establishing local European-based datacentres for their EU customers, complying with typically stricter European data privacy laws.
This could completely change how US companies use and share data but unfortunately for end users, simply setting up European data centres will not be a simple cure. The US Freedom Act Section 702 (FAA 702) will still likely be used by the US government to obtain data stored in Europe by US companies and businesses will need be transparent with customers and manage any concerns they have on where their data could be shared.
Roberto Valerio, CEO of fraud prevention experts Risk Ident, comments: “Today, too many organisations argue that it is in the best interests of users to give up more of their privacy because it will ultimately keep them safer online. This is not necessarily true however, as it is possible to keep personalised information separate from anonymised data, such as device identification data. We founded and built Risk Ident with European data privacy laws specifically in mind and believe in smarter fraud prevention technology that maintains privacy without compromising on security.”
The ECJ ruling is not expected to be a barrier for businesses, although it will cause friction and take time for US companies to adapt. However, the ruling also has significant ramifications for businesses in Europe’s strongest economies, including the UK and France, as many organisations rely heavily on exchanging data with the United States as part of their fraud prevention practices. The ruling could even affect European businesses that use software supported in the US, as any transfer of private personal data could easily be made almost without thinking.
The recent high-profile Weltimmo and Schrems cases brought European data privacy into the spotlight and the ECJ’s decision this week will provide reassurance to European businesses and customers that their privacy is something that the European Union is taking seriously. Yet with today’s companies serving millions of online customers in hundreds of countries around the world, the debate on what data should be shared, and where, is something that will continue to rage on both sides of the Atlantic.
Roberto Valerio concludes: “We welcome this ruling from the ECJ, publically and legislatively recognising the importance of data privacy in Europe. Its decision has ignited renewed attention on the ethics of sharing personal data across continental jurisdictions and could also provide a boost to the European IT industry as the continent retains ownership of personal data management.”
About Risk Ident
Risk Ident are technology experts dedicated to fraud prevention, device fingerprinting, machine learning and behavioural analytics. The company helps reduce fraud, increase sales and decrease the cost associated with managing fraud by targeting the detection and reduction of: online fraud, account takeovers, false positives, malware, bot and proxy attacks, identity theft, affiliate fraud, scamming and credit risk.