When the Safe Harbor data agreement was struck down, cloud vendors saw the writing on the wall well in advance. But it also raised a number of questions about the future of international data transfers in a global cloud market.
The European Court of Justice in October ruled against the legal framework used by 4,500 companies to transfer data between the European Union and the U.S. It was a move that didn't surprise most cloud vendors, as the hyperscale providers turned to binding corporate language and an increasing number of foreign data centers to work around sovereignty issues. Niche providers, meanwhile, have begun pitching themselves in areas where Amazon and Microsoft don't have a physical presence.
But more than anything, the dismissal of an agreement that essentially allowed for self-reporting makes it clear that companies operating across the Atlantic have to adopt the EU privacy directive and prove they're compliant, said Renee Murphy, senior analyst at Forrester Research Inc. in Cambridge, Mass.
"We all knew it was a joke," Murphy said. "Now we all now have to deal with it."
Companies on both sides of the Atlantic have raised concerns about liabilities and have called for interim guidance and long-term solutions from their respective governments. But in the short term, the degree to which the ruling impacts companies largely depends on how heavily they relied on the Safe Harbor agreement, Murphy said.
"If you wanted to do the right thing, you're probably not all that worked up," Murphy said. "If you wanted to find the least resistant path and it was self-assessing [that] everyone knew was a joke -- if that's what you were relying on you've probably got a long way to go."