This could be a big Whoa! moment for international ticketers, and the many venues that use their services. On 6 October 2015 the European Court of Justice ruled that the so called ‘Safe Harbour’ agreement between the EU and the US was invalid. At a stroke this meant that EU Data Protection laws, commonly applied across the single-market, including the UK, meant that EU citizen’s data could not be transferred to, pass through, or be processed on servers in the US. It is simply no longer legal to transfer customer data between servers in the US and Europe.
Irish case with consequences
The Financial Times noted the impact this decision had, coming from a Facebook data protection case in Ireland: http://www.ft.com/cms/s/0/521a2c58-6c3e-11e5-8171-ba1968cf791a.html#axzz3nyaRHFxe
For some providers, this may pose a huge challenge because, though they could have server farms in Europe as well, the nature of global infra-structures is complex.
This all starts with Edward Snowden
You would be right in guessing that this all starts with Edward Snowden. In doing the right thing in exposing what the US’s NSA and the UK’s GCHQ was doing in monitoring data traffic around the world, it also revealed that the US Government did not feel obligated to comply with the customer privacy terms of the ‘Safe Harbour’ agreement with the EU. Smart Insights reported the details: http://www.smartinsights.com/marketplace-analysis/digital-marketing-laws/implications-for-marketers-of-the-end-of-the-safe-harbour-agreement-smartinsights-alert/
Fundamental implications for The Cloud
However, this European Court of Justice ruling impacts on ‘The Cloud’ in a way which many have feared since the activities of the NSA and GCHQ were revealed. Many globally focussed companies – Facebook, Google, Amazon, Apple, Microsoft are the quintet regularly mentioned – run a global infra-structure which hosts, routes and links data anywhere in the world. Your version of Word or your Google documents or your ‘customer wallet’ are as likely to be in the US as anywhere. But that includes hotel chains, airlines, and of course ticketers. Now the EU want a ‘Walled Garden’ around the EU to protect their citizens under applicable EU laws. That quintet are all said not to like this. There is huge consternation in the US about the way this impacts on global business: Internet advertisers for example cannot route tracking into the US.
What can individual venues do? Check that your system supplier or system host is confining your service and data and applications such as payment gateways, etc. to EU based servers. What can international ticketing companies do: ensure EU customer data is retained and processed only within the EU – fast.