Not So Safe Harbor and How A UK Web Chat System Can Help

The European Court of Justice invalidated the Safe Harbor Framework which had a big effect on UK businesses looking to purchase live chat from non EU countries.

The European Union Data Protection Directive, also known as “The Directive” is a legal act that identifies that the EU will generally prohibit the transfer of data, unless a receiving country can safeguard that personal data has an acceptable level of protection.

The Safe Harbor Framework was developed in 2000 to bridge the differences to meet the European standards, but the Framework didn’t ensure an adequate level of protection. A Safe Harbor Privacy Policy had to be posted which intended to comply with several Safe Harbor Principles. The US businesses that needed to receive personal data from the EU had to:

• Submit a self-certification form through the Commerce Department’s Safe Harbor website

• Pay the required fee.

After looking into it and finding the Safe Harbor Framework contravened upon the standards that enforced the framework, The European Court of Justice (ECJ) decided to invalidate it and introduce the Privacy Shield framework for the exchange of transatlantic data.

What is the Privacy Shield?

The new pact agreed by the EU and US is called the Privacy Shield and its terms include:

• Any flagged problems will be addressed by the Federal Trade Commission, who are working with the European data privacy watchdogs.

• The US will create an ombudsman to handle complaints from EU residents about Americans spying on their data.

• The EU and US will also conduct an annual review to check the new system is working properly.

Coming up with an idea to protect vital data is great, but how do we know this is reliable? It was rushed in so quickly after Safe Harbor was invalidated, how do we know it has been thoroughly thought about and that it won’t be invalidated in some time like Safe Harbor? Questions were raised regarding the idea, fears that the deal may be too broad. Because this was implemented in such a short time, ideas may not have been discussed properly.

"The results of months' worth of negotiation appears weak, and if adopted we are likely to see further legal challenge in the European courts," said Ashley Winton, UK head of data protection and privacy at lawyers Paul Hastings LLP.

How Is This Going To Affect UK Businesses Looking To Use a Web Chat System?

Unless there’s an adequate level of protection, UK businesses can’t transmit any data to countries outside the EU. UK businesses are governed by the Data Protection Act 1998 to protect customers’ data within the EU, by using a web chat system provider outside the UK or the EU means that customer data may be at risk, due to being open to external countries regulations and policies, especially in the US where there level of protection was deemed inadequate.

By keeping your web chat system data in the UK means all personal data will be protected. Click4Assistance are the UK’s leading chat widget provider with data held in London, conforming to the regulations laid out by the FCA and Data Protection Act. Click4Assistance is regulated and conforms to the Information Commissioner’s Office, who enforce the Data Protection Act 1998 and freedom of information.

Click4Assistance prioritise customer security within the business, being PCI compliant should any account or credit card numbers get entered into the chat widget these are masked and not stored. Chats are 256bit encrypted (same level of encryption and protection everyone expects from payment pages) so only your organisation has access to the chats.

For more information on our security policies or our web chat system, feel free to contact us on 01268 123 5781 or email the team at theteam@click4assistance.co.uk