EU Safe Harbor Framework and Live Chat Software
With the decision from the European Court of Justice to invalidate the US-EU Safe Harbor Framework, we explain how it affects UK businesses looking to purchase live chat software from a non-EU country.
How does the Invalidation of the US – EU Safe Harbor Framework affect businesses with live chat software?
With the decision from the European Court of Justice (“ECJ”) on 6th October 2015 to invalidate the US-EU Safe Harbor Framework, we explain what it is and how it affects those businesses looking to purchase live chat software from a non-EU country.
What is the Safe Harbor Framework?
If you don’t work in Compliance you may never have heard of the Safe Harbor Framework, so what exactly is it?
Well, firstly we need to explain the European Union Data Protection Directive (also known as the “Directive”). The Directive is a legal act which specifies that unless a receiving country can guarantee that personal data has an “adequate level of protection”, the EU will generally prohibit the transfer of data.
So, onto the Safe Harbor Framework. As US laws did not ensure an adequate level of protection to meet the European standards, the Safe Harbor Framework was developed in 2000 to bridge the differences and meet the adequacy standards. Those US businesses that needed to receive personal data from the EU were required to meet 3 necessary conditions:
- Post a Safe Harbor Privacy Policy outlining their intention to comply with the seven Safe Harbor Principles constructed to protect the data
- Submit a self-certification form through the Commerce Department’s Safe Harbor website
- Pay the required fee
Why was it invalidated?
The European Court of Justice (“ECJ”) decided to invalidate the Safe Harbor Framework on 6th October 2015 after investigating the framework and finding that it infringed upon the standards set out, in terms of enforcing the framework, allowing access to personal data by intelligence agencies, and the capability of EU citizens to exercise their rights.
The Federal Trade Commission was solely responsible for enforcing the framework. In 2013 the Commission had written a report on Safe Harbor, in which the ECJ found that "in practice, a significant number of certified companies did not comply, or did not comply fully, with the safe harbour principles."
Upon scrutinizing the 2013 report, the ECJ highlighted the following: "'all companies involved in the PRISM programme, and which grant access to U.S. authorities to data stored and processed in the [United States], appear to be Safe Harbor certified' and that '[t]his has made the Safe Harbor scheme one of the conduits through which access is given to US intelligence authorities to collecting personal data initially processed in the [European Union]'." Their concern was that Safe Harbor granted US intelligence agencies the ability to gather, to a consequential extent, personal data of EU inhabitants from organisations that were accredited to Safe Harbor, including many acclaimed internet corporations.
The final and most relied-on finding that led the ECJ to their decision was that Safe Harbor provides "no opportunities for either EU or U.S. data subjects to obtain access, rectification or erasure of data, or administrative or judicial redress with regard to collection and further processing of their personal data taking place under the U.S. surveillance programmes." This meant EU citizens did not have the necessary means to exercise their data protection rights under the Directive.
How does this new law affect UK businesses looking for live chat software providers?
Those businesses that are already with a non-EU chat provider are already at risk and are exposing their customers’ data. They now have a choice: protect themselves and, more importantly, their customers, or continue using a non-EU chat provider, which no longer has to uphold the Safe Harbor standards, and knowingly risk all the personal data passed through their live chat systems.
UK businesses are prohibited from transmitting personal data to countries outside the EU unless there is a guarantee of adequate levels of protection. There is a simpler option for businesses looking to adopt live chat software for their websites that will protect all personal data and abide by legislation.
The answer?
Keep your live chat software data in the UK
Click4Assistance is the leading UK live chat software provider and is registered with the Information Commissioner’s Office. As a “data processor”, Click4Assistance must (and we do) comply with the Data Protection Act, with your security our main priority.
“Data security is an important factor for every client, our continued investment in the latest technology methods and world class data centres show our commitment to this valid concern”
Managing Director
With Click4Assistance your data is held in London, conforming to ISO 9001, 27001, 14001 and 22301 Standards and adhering to the stringent regulations laid out by the FCA and Data Protection Act 1988 for data storage and PCI compliance.
Working with organisations from multiple industries, regardless of size, we fully understand why physical and data security is so important. Still have security concerns? Arrange a consultation with our account managers now on 0845 123 5871 or through theteam@click4assistance.co.uk