A change to rules governing transatlantic personal data transfers may hurt U.S. SMBs, locking them out of the market or replacing them with EU-based competitors.
On Tuesday, the highest EU court ruled the Safe Harbor agreement invalid. The agreement had allowed thousands of companies to transfer data easily from Europe to the United States.
The court said the Safe Harbor agreement does not sufficiently protect EU citizens' personal data.
Tech giants like IBM are more prepared for the change, because they use a different legal arrangements (such as "model clauses" which set privacy standards between the sender and receiver of the data) which they say will allow them to continue data transfers despite the new ruling. But most SMBs are not so lucky.
"The biggest fear is they'll lose the opportunity to provide data services in Europe," said Emery Simon, counselor to BSA | The Software Alliance, an industry group.
The EU and the United States are collaborating on a system to replace Safe Harbor, but in the meantime the change is an opportunity for European competitors to take business from U.S. companies.
"Any U.S. company with employees or customers in Europe is potentially impacted by this ruling," RetailMeNot spokesman Brian Hoyt. "We also believe it may also create challenges for data sharing necessary to rapidly provide data analysis for business operations."
The case stemmed from a complaint alleging Facebook helped the NSA harvest private data of EU citizens. But Facebook and other U.S. tech companies say they have not broken the law.