The Information Commissioner’s Office (ICO) has corrected misinformation shared with schools about using services such as Dropbox after the recent Safe Harbour ruling, the BBC reports.
The Safe Harbour ruling was a decision by Europe’s top court to strike down the Safe Harbour scheme previously used to legitimise the transfer of data from Europe by US companies, spurred on by the revelations that the NSA spies on almost all internet traffic.
Companies have subsequently been scrambling for alternate legal frameworks to legitimise this transfer.
The ICO has been forced to provide clarification after Lewisham Council’s information and communications technology chief, Neil Iles, sent an email to his colleagues last week that read: “If you still use Dropbox as a quick-win cloud storage solution for your school please consider that recent changes in rulings regarding the validity of the Safe Harbour Agreement means that data stored outside the EU is now officially at risk for EU based Data Owners.”
The ICO claims that this isn’t the case, however. “There is no new and immediate threat to individuals’ personal data that’s suddenly arisen that we need to act quickly to prevent,” the ICO told the BBC. “We’re not advising people to rush to make changes at this stage.”
Around 4,500 American companies relied on Safe Harbour before it was struck down, and have now been forced to use alternative methods like model contract clauses or seeking data subjects’ consent to allow the transfer of data. None of these alternatives are as simple as Safe Harbour was, and Europe is now seeking to implement a successor scheme.