Today, the Advocate General of the Court of Justice of the European Union issued its long-awaited opinion in the Irish Facebook (Schrems) case, inter alia on whether the Safe Harbor should be suspended. His recommendation is indeed that the European Commission should suspend the Safe Harbor decision, on the basis that the United States cannot be considered a safe country ensuring an adequate level of data protection.
It remains yet to be seen whether the Court of Justice of the EU will heed this advice and how immediate the consequences would be; the decision in the Schrems case was originally anticipated at the end of this year but because the Advocate General postponed his opinion, it’s likely that the Court’s decision, too, will be postponed. In any case, the threat that the Safe Harbor will be repealed has materialized even more.
If the Safe Harbor is indeed to be scraped, it will affect not just the business models of Facebook, Google etc., but cloud provides who rely on the Safe Harbor regime too, will have to reconsider the data storage model for their EU customers. Generally it will become more challenging to have data related to the EU customers stored in the United States. Customers may need to review and possibly renegotiate their current cloud contracts and replace the Safe Harbor by a more robust regime such as the EU model contractual clauses.