I have 50 - 60 users in London and Amsterdam who keep their email on my mail server here in the US.
Can anyone tell me how this arrangement is affected by the ECJ (European Court of Justice) ruling on 10/6 declaring that 'Safe Harbor' is invalid?
Do European privacy restrictions extend to the operation of my corporate mail servers?
Thanks in advance...
Safe Harbor was generally meant to mean if someone in Europe stored data in the US it would not be touched or subject to US laws and vice versa.
Although everyone knew that in practice this was just so much fluff and nonsense, Mr Snowden put it clearly out in the public domain that the US basically ignored the agreement (and I daresay EU nations did likewise) and abused its privileges with wholesale data collection from foreign nations without a by your leave. Technically Safe Harbor would have meant that your clients' data could not be touched by Europe whilst stored on your servers in the US.
But for it to apply I believe you had to be signed up to it in the first instance, which I would guess you and your clients had not done, so it probably didn't apply anyway.
Ironically it is Microsoft that is fighting the US government over access to data stored on its Irish (tax avoiding) servers saying the US has no jurisdiction over them.
Quite frankly the whole thing is one big sorry mess and a road accident that has been waiting to happen for years. The politicos are going to have to fix it somehow or other though likely as not they'll try and sweep it under the carpet and it'll be SNAFU.
Remember that due to various historical reasons the bar on privacy is 'technically' set at a much higher level in the EU than in the US - even if in practice it isn't the case (GCHQ put paid to most of it!). Your clients probably have much less legal privacy protection on your side of the pond than we do on this. Plenty of reading on the subject via searches - see something like "eu privacy vs us".
So you probably need a good lawyer (as Charlie mentioned!) and confirm that your clients are happy to have any data stored on your servers subject to US legislation (and spying/data collection). Which they might not be so happy about.
All naturally IMHO and not to be considered legal advice in any shape, way or form!
B. Rgds
John