The invalidation of the EU-U.S. Safe Harbor framework in October 2015 has created uncertainty for businesses that were reliant on the regime to transfer data to the United States, and has caused political shockwaves on both sides of the Atlantic. As it nears four months since the European Court of Justice's judgment in Maximillian Schrems v Data Protection Commissioner (C-362-14) was handed down, we explore the current status of "Safe Harbor 2.0" and outline steps that your business may need to take.
Delays to Safe Harbor 2.0 In October 2015, we reported that a deadline of 31 January 2016 had been set for agreement to be reached on a new trans-Atlantic data-sharing arrangement between the EU and United States. Coinciding with this date, EU data protection authorities set a deadline for companies previously Safe Harbor-certified to put alternative data transfer mechanisms in place. As the deadline for a political agreement looms, it seems more and more likely that it will be missed. Since it would take time for businesses to become certified under a new Safe Harbor regime, it is now essential that businesses implement interim measures to avoid being at risk of enforcement action.
Safe Harbor negotiations Negotiations between political representatives from both sides of the Atlantic are key to resolving the current difficulties faced by companies transferring data from the EU to the United States. In the absence of an official statement from either side, drip-fed statements are creating an interesting picture.
In early January, Edith Ramirez, chairwoman of the Federal Trade Commission (FTC), stated she was optimistic that a solution to the situation would be agreed by the end of January. On the United States' part, the Judicial Redress Act is a major roadblock to progress. On 21 January, it was announced that a vote on the Act scheduled for 22 January was to be delayed. It is suggested that the delay is the result of amendments to a section of the Act that deals with litigation.
The Act is significant as it would allow European citizens to bring actions in the United States for violations of their privacy rights. It is one of the cornerstones to a new Safe Harbor agreement as the EU seeks assurances over how its citizen's information will be treated. On 18 January, Věra Jourová, the EU Justice Commissioner, warned that guarantees for "effective judicial control of public authorities' access to data for national security, law enforcement and...