Earlier this month, the European Court of Justice ruled the U.S.-EU Safe Harbor agreement invalid, sending waves of uncertainty through the mobile economy. Small companies relying on the Safe Harbor to meet EU privacy obligations must now find other means to verify data protection.
Binding Corporate Rules (BCRs) or Model Clauses recognized by Data Protection Authorities (DPAs) do exist, but are costly and cumbersome for small companies and startups. However, a recent decision from German DPAs to no longer issue new BCRs or data export agreements adds to the confusion about those options, making it even more difficult to meet consumer demand for cross-border data exchange.
Ultimately, app companies, and the businesses relying on their services, are caught in the middle of this conflict between governments. Many are now delaying plans for expansion until clarity around transatlantic data transfer is restored. This impact is felt far more by small companies lacking the resources to pursue alternatives. The collapse of the Safe Harbor agreement, and subsequent action in Germany, demonstrates the urgent need for an updated global commitment to privacy laws.