On October 28, 2015 it was revealed that some European Union (EU) education institutions are considering no longer using Dropbox, after a European Court Of Justice ruling (EJC) in early October 2015 decided U.S. firms signed on to the Safe Harbour scheme could no longer be automatically considered to provide “adequate protection” to personal data they had received from the EU. Safe Harbour has come under fire after leaks by Edward Snowden that indicated the U.S. National Security Agency engages in mass surveillance of data held by U.S. technology companies. The ruling is not singling out Dropbox, but rather all U.S. based tech companies which provide cloud services for data storage.
Analyst comment:
Pinkerton assesses the fallout from the EJC ruling on Safe Harbour is still being sorted out across the EU. In the case of the educational institutions, while they were applauded for both their vigilance and compliance to the EJC ruling, they have been given the go ahead to continue to use Dropbox until further clarification on the ruling solidifies. For U.S. Technology firms offering cloud services in the EU, the EJC ruling is likely to affect some areas of operations and require more stringent promises to protect consumers’ data who reside within the EU. If those promises cannot be secured, companies who offer cloud services may no longer be able to service customers who reside under the EJC jurisdiction.