In October 2015, the European Court of Justice overruled an international agreement that a large number of companies were using with the purpose of moving digital information. The European Court of Justice found a significant flaw in the agreement, known as Safe Harbour. Their concern was that it gave US government organizations the chance to get access to the internet data of European citizens. In 2013, Edward Snowden a former NSA contractor, leaked information that revealed that the US intelligence agencies were able to access data, almost without restrictions, compromising the right to privacy of internet users, not only in the United States, but around the world.
After the ruling, many American companies started setting up EU data centers and offered their customers to select where they preferred to keep their information stored. In the end of October 2015, a case that drew a lot of attention took place in a London borough, when a guidance email was sent to teachers advising school to stop using Dropbox and other cloud solutions. The schools were informed by the UK’s data watchdog that they were not required to make any immediate changes since there was not urgent reasons for concern regarding the safety of personal data. This indicates that following the European Court of Justice ruling that declared that the system used to enable personal data transfers to the US was not valid, Dropbox was still considered safe.
In the UK, there was growing confusion regarding the procedures that should be followed in the wake of the ECJ’s decision. The information and communication technology chief of the Lewinsham Council, sent an email to his colleagues to clarify things. Back then, Neil Iles advised his colleagues to look into the possibility of switching from Dropbox (and other non-EU cloud data services) to alternative solutions within the European Union. In addition, David Smith, the Information Commissioner’s Office Deputy Commissioner and Director of Data Protection, admitted that it was a very complex matter, but also stated that there were measures in place to protect personal data transferred under the agreement.
What was Dropbox’s response?
Dropbox promptly replied by giving reassurance to its customers, including schools and businesses. A spokesman from the company stated that Dropbox, just like the other services in the industry were waiting for guidance from the European Commission regarding the revised Safe Harbour framework, in order to establish the best solutions in the ling-term.