Apps Alliance Tech Policy Roundtable: Safe Harbour Ruling, Impact on SMEs and digital startups

On Tuesday, 17 November, the Apps Alliance hosted its second European Parliament Round Table discussion with Heinz K. Becker MEP.

Heinz K. Becker MEP and Catriona Meehan

Heinz K. Becker MEP and Catriona Meehan

The event focussed on the recent Safe Harbour ruling and its ‘Impact on SMEs and Digital Startups’. SMEs and startups represent more than 60% of companies that participated in the Safe Harbour agreement and they will be most heavily affected by its invalidation.

The round table was made up of 35 attendees from a wide variety of interested parties and there was extensive discussion about the issue and its implications. Speakers included:

Paul Rubig MEP

Paul Rubig MEP

- Heinz K. Becker MEP  

- Catriona Meehan, Apps Alliance EU Policy Director

-  Max Keller (Android Developer)

-  Andreas Backx (Co-founder Cloock and Lunchbreak)

- Linda Corugedo-Steneberg (Principal Adviser, DG Connect)

- Lenard Koschwitz (EU Affairs Director, Allied for Startups)

- Paul Rübig MEP (Co-founder of SME Europe)

With developers and policy makers in the room, the event gave a unique insight into the impact of the Safe Harbour ruling on grassroots app development, on top of the policy issues that have arisen.

Linda Corugedo-Steneberg and Lenard Koschwitz

Linda Corugedo-Steneberg and Lenard Koschwitz

Contributions from all our speakers were essential in clarifying the challenges they face:

International data transfers are vital in guaranteeing competitiveness and satisfactory user experience - Interrupting transatlantic data flows increases cost, makes app performance slower and will inevitably impair user experience. In addition, 28 different data transfer legal systems would be a scenario which would pose a threat to competition and start-ups success.

Legal Limbo – Developers now find themselves in a place of uncertainty regarding the legality of the data transfers required for their applications. Bigger companies could easily overcome the legal implications of the absence of SH, which on the contrary pose real difficulties and uncertainty for start-ups and SMEs who do not have the necessary legal expertise or money to hire legal help.

Bullet Point and Bullet Proof – A phrase coined by Lenard Koschwitz and echoed throughout the discussion with regard to the potential ‘Safe Harbour 2.0’. A clear and concise bullet point list of data protection rules is a necessity for startups and SMEs under the new agreement. The new agreement will undoubtedly come under intense challenge and scrutiny, therefore the final agreement needs to be bullet proof.

Alternative tools – Standard contractual clauses (SCCs) are legal and ensure companies’ compliance. Those are available on the Commission’s website and do not need to be approved by the data protection authorities. On the contrary, binding corporate rules (BCRs) are not usable by SMEs and start-ups, being available only for transfers within corporate groups.

Will it get passed? – The general consensus was that a new Safe Harbour agreement is the best way to go, but an end of January deadline seems to be quite tight. The Commission intensified the talks with the US, focussing on the need for judicial review and the need for limitations and safeguards in regards to access and use by public authorities of personal data for national security purposes, will it pass in time? Linda Corugedo-Steneberg stated that “an agreement is ambitious but not impossible”