27 September 2015

Safe Harbor: Achieving a Defensible Standard of Care...

"Achieving a Defensible Standard of Care" within the enterprise requires an astute and proactive legal framework.  Operational Risk Management becomes a key component of the legal framework in multiple junctions of technology, data science and privacy law.

U.S. National Security continues to be in the center of the legal jousting between the European Union and the United States.  Underlying the debate is the data flowing through the Internet from data centers in Europe owned by U.S. companies.

What are the implications of a change in the Rule of Law and the rules associated with the collection, storage and analysis of data by companies such as Facebook?  How will the future of Operational Risk decisions impact the safety and security of nation states?  Is "Safe Harbour" ready for legal reengineering and a new, updated global data privacy architecture for the Internet of Things (IoT)?

III – Conclusion

237. In the light of the foregoing, I propose that the Court should answer the questions referred by the High Court as follows:

Article 28 of Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, read in the light of Articles 7 and 8 of the Charter of Fundamental Rights of the European Union, must be interpreted as meaning that the existence of a decision adopted by the European Commission on the basis of Article 25(6) of Directive 95/46 does not have the effect of preventing a national supervisory authority from investigating a complaint alleging that a third country does not ensure an adequate level of protection of the personal data transferred and, where appropriate, from suspending the transfer of that data.

Commission Decision 2000/520/EC of 26 July 2000 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequacy of the protection provided by the safe harbour privacy principles and related frequently asked questions issued by the Department of Commerce of the United States of America is invalid.

Chief Privacy Officers and General Counsel within the ranks of Amazon, Google and Facebook are on a proactive mission.  How do they keep business models fueled by advertising from eroding if data flows from outside the U.S. are precluded and all data from the EU must stay within the EU?

The Office of the Director of National Intelligence (ODNI) will be tracking the data privacy legal frameworks across the globe and the continuous changes that will be necessary to stay in compliance with U.S. laws.  Henry Farrell sums this up nicely in his WP analysis:

Thus, if the court rules as expected, the U.S. has to choose between two unattractive options. The first is to refuse to make any concessions on surveillance, hence endangering the business models of big and influential U.S. e-commerce firms, and making life much harder for other big corporations that e.g. have to transfer personnel files across borders. The second is to make real concessions to the EU on spying, moving away from indiscriminate surveillance to a system that would provide real protections for European citizens.

We are on the edge of many years of new business process reengineering (BPR), but this time it is not about the demise of proprietary client / server architectures and the addition of Internet Protocols.  The new data privacy BPR is now just underway, and it has everything to do with creating sound contractual negotiations for digital devices across borders.  More importantly, it concerns the trusted business assurance questions being asked by Operational Risk Officers and the building of digital trust as data and rules are executed at the speed of light.

Achieving Digital Trust delivers to business executives, IT strategists, and innovation leaders something remarkable: a complete tool-kit of new strategies and resources that will change how they make decisions that matter, and how to build digital assets that can be trusted.

As you pick up your mobile device to access Messenger or Wickr, the rule of law is being put in motion in nanoseconds.  When you type a message to your colleague in Ireland or Germany from Detroit, your data is being processed across data centers in multiple countries: machines executing business rules with other machines.  Are the rules correct?  Are they all legal?

"Achieving a Defensible Standard of Care" in the next decade will be one of our most interesting challenges.  The Safe Harbor of our way of life may go beyond the simple integrity and assurance that the message simply gets delivered.