The EU-US Safe Harbor ruling significantly affects organizations that transfer and use European Union citizens’ data. In this video blog, we talk about what this decision means for businesses worldwide.

Digital disruption isn’t the only thing impacting business models. As we’re seeing in the wake of the EU-US Safe Harbor ruling, legislation is another factor that can change the course of company strategy. In a court decision that can’t be repealed, the European Court of Justice declared the EU-US Safe Harbor framework immediately invalid, placing restrictions on how companies can transfer and use EU citizen data. While we won’t know the full implications of the ruling until it has had time to settle into the business environment, it’s a step forward for consumers and their right to data privacy.

The ruling may require customer-facing organizations that engage with EU citizens to strengthen privacy protections, data security and information-sharing transparency. The court’s decision is based on the premise widely held in Europe that customer data is personal property; therefore, it must conform to the EU privacy mandate. Another key aspect of the decision is it allows each EU member state to verify and enforce rules independently of each other.

Coming at a time when many businesses are embarking on digital business initiatives ranging from e-commerce, mobile apps, social media and the Internet of Things (IoT), the decision could threaten the launch and adoption of digital customer engagement strategies, particularly if companies move forward without shifting their mindset about customer data. Businesses can no longer assume they can freely use the data; organizations will need to act as good stewards instead of owners of customers’ personal information.

Executing data management as a steward requires a completely different approach to customer engagement. It necessitates one-to-one interactions rather than relating to customers as mass audiences. It means providing customers with opt-in/out choices and the ability to set preferences about how they want companies to use their data.

Additionally, the autonomy granted to each EU member state in enforcing privacy rules creates a fragmented regulatory landscape. It places further emphasis on managing data at a granular level instead of applying policies on a group scale.

Organizations will need to implement a globally unified customer identity management service that enables customers to self manage preferences, opt-ins/outs and privacy consent. Customer data management solutions will also need to enforce local data privacy rules uniformly and consistently across all channels and devices to control how personal data is used.

The personal data privacy debate will continue to evolve and change the business landscape. As the trend moves toward giving consumers more control over their data, the businesses that embrace the data-steward mindset will be able to best navigate the changes ahead.


Register for the Oct. 20th Webinar featuring award-winning author Chris Surdak. Seizing the Data Crush Opportunity with Customer Identity Management.