Regulatory News: Safe Harbor Declared Invalid In Europe

The Safe Harbor Framework that permits the transfer of data between the United States and Europe is in jeopardy.

Last week, the Advocate General, a legal advisor to the European Court of Justice (the European Union’s top court), released his opinion on the EU-US the Safe Harbor framework, which he said is invalid. He said the agreement does not do enough to protect EU citizens’ personal information when it reaches the United States.

The Safe Harbor agreement has been around since the year 2000. More than 4,400 companies are Safe Harbor certified. U.S. and European companies rely on the EU–US Safe Harbor framework to permit the lawful transfer of personal data from the EU to the U.S.

The ruling is not yet final, and the EU court’s judges will issue a final ruling in the coming months.  If they follow the Advocate General’s recommendation, which they often do, this will cause significant headaches for U.S. companies that serve customers in the EU.

A reflection of increased digital privacy concerns in wake of the NSA scandal and Edward Snowden leaks, the ruling has the potential to impact thousands of U.S. and European companies. It presents serious challenges for U.S. SaaS providers who have built their businesses under the framework of the Safe Harbor agreement.

Without the Safe Harbor agreement in place, data that originates in Europe may need to stay strictly in Europe. This includes everything from payroll to customer data. Some large enterprises have tried to stay ahead of the issue by investing in data centers in Europe.  However it should be noted the local data centers don’t fully solve the issue.

While this ruling does present challenges for SugarCRM, the company is better equipped than “SaaS only” solutions that lack local or on-premise deployment options. SugarCRM offers multiple deployment options and can continue to provide viable alternatives for EU customers, including:

  • Local hosting through various partners including “in country” hosting by T-Systems
  • On-site deployment options that require simple instance migration, meaning customers do not need to transfer their data to Sugar

Other SaaS/premise mix providers may be hard pressed to keep their customers, as SugarCRM is one of the only multiple deployment CRM providers offering a single code base across all deployment options.

SugarCRM has customers in more than 120 countries. We realize companies around the world are subject to many different laws and regulations. Legal requirements in one country may be inconsistent with legal requirements applicable elsewhere. Hence, we offer a multi-tenant cloud service, a private instance in the cloud, and also allow customers to deploy on their own internal clouds. A flexible deployment approach allows our customers to more easily comply with international data security and privacy laws.

Subscribe to SugarCRM Updates

Sugar’s email newsletter is filled with the latest trends, tips, best practices and company news you need to help drive extraordinary customer experiences.

I have read the SugarCRM Privacy Policy and consent to the processing of my personal data.