The decision by the European Court of Justice (ECJ) on October 6 to suspend the ‘safe harbour’ transatlantic data-sharing deal could have ramifications for businesses on both sides of the Atlantic when it comes to data privacy in fraud prevention, it is clamed.
The agreement, which allowed the transfer of personal data of European citizens to organisations in the US, had been active since 2000. It has now been judged invalid because it does not enable data protection watchdogs in Europe to intervene on the behalf of citizens who complain that their privacy has been infringed.
Technology businesses, including ecommerce merchants, who hold or process the personal data of EU citizens in the US, will have to review their data processes and consider establishing local European-based datacentres for their EU customers, complying with typically stricter European data privacy laws.
This could change how US companies use and share data but for end users, simply setting up European data centres will not be a simple cure. The US Freedom Act Section 702 (FAA 702) will still likely be used by the US government to obtain data stored in Europe by US companies and businesses will need be transparent with customers and manage any concerns they have on where their data could be shared.
Roberto Valerio, CEO of fraud prevention firm Risk Ident, says: “Today, too many organisations argue that it is in the best interests of users to give up more of their privacy because it will ultimately keep them safer online. This is not necessarily true however, as it is possible to keep personalised information separate from anonymised data, such as device identification data. We founded and built Risk Ident with European data privacy laws specifically in mind and believe in smarter fraud prevention technology that maintains privacy without compromising on security.”
The ECJ ruling is not expected to be a barrier for businesses, although it may cause friction and take time for US companies to adapt. However, the ruling also has significant ramifications for businesses in Europe, including the UK and France, as many organisations rely on exchanging data with the United States as part of their fraud prevention practices. The ruling could even affect European businesses that use software supported in the US, as any transfer of private personal data could easily be made almost without thinking.
The recent Weltimmo and Schrems cases brought European data privacy into the spotlight and the ECJ’s decision may reassure European businesses and customers that their privacy is something that the European Union is taking seriously. Yet with companies serving millions of online customers in hundreds of countries around the world, the debate on what data should be shared, and where, will continue, the firm says.
Roberto Valerio adds: “We welcome this ruling from the ECJ, publically and legislatively recognising the importance of data privacy in Europe. Its decision has ignited renewed attention on the ethics of sharing personal data across continental jurisdictions and could also provide a boost to the European IT industry as the continent retains ownership of personal data management.”
About Risk Ident
Risk Ident cover fraud prevention, device fingerprinting, machine learning and behavioural analytics, managing: online fraud, account takeovers, false positives, malware, bot and proxy attacks, identity theft, affiliate fraud, scamming and credit risk. Visit www.riskident.com.
