The ECJ has now decided that businesses - chiefly US-based organisations - will no longer be able to rely on the US Safe Harbour Privacy Principles as ensuring an adequate level of protection to satisfy the requirements of the EU Data Protection Directive when transferring personal data outside the EEA.
The European Commission has been negotiating with the US authorities for some time regarding the introduction of a new, more privacy protective arrangement, and these negotiations can now be expected to be pursued with more urgency. However, in the meantime organisations which have relied on the Safe Harbor scheme will have to put in place quickly alternative compliance mechanisms, although the choice is limited. For more details, see our data protection update here.
Note that this decision does not impact on the validity of any inter-company Data Transfer Agreements (Set II).
Key contacts
Steve Bell
Managing Partner - Employment, Industrial Relations and Safety (Australia, Asia), Melbourne
Emma Rohsler
Regional Head of Practice (EMEA) - Employment Pensions and Incentives, Paris
Disclaimer
The articles published on this website, current at the dates of publication set out above, are for reference purposes only. They do not constitute legal advice and should not be relied upon as such. Specific legal advice about your specific circumstances should always be sought separately before taking any action.