Repercussions of the EU Safe Harbor Ruling
October 22, 2015
CSG Media & Technology Alert
Last week, we advised readers of the EU’s determination to reject the Safe Harbor for personal data transfers from the EU nations to the U.S.
The repercussions of this ruling are already starting to be felt within and outside the EU.
The German State Data Protection Authority recently issued a statement that it will no longer permit data transfers to the U.S. based on Standard Contractual Clauses.
Israel, not part of the EU, had previously permitted data transfers to U.S. entities that were in compliance with the Safe Harbor requirements. In light of the EU’s October 6, 2015 ruling, Israel announced on October 19, 2015 that U.S. entities can no longer rely upon the Safe Harbor as the basis for transfers of personal data from Israel to the U.S. We may see other countries, which also had accepted the Safe Harbor as the accepted benchmark for personal data transfers to the U.S., now begin to question data transfers for their citizens’ personal information to the U.S.
Lending some (temporary) stability and guidance to this evolving situation, on October 20, 2015 the EU Data Protection Authorities, the European Data Protection Supervisor and the European Commission issued its guidance as to the impact of its October 6, 2015 ruling on the Safe Harbor for personal data transfers to the U.S.:
- U.S. companies cannot rely upon the Safe Harbor to claim compliance with EU data privacy requirements – and to do so is unlawful.
- For an interim period – which will end as of January 31, 2016 - Standard Contractual Clauses and Binding Corporate Rules are accepted means of compliance.
Accordingly, at least for the next 3 months, short of building – or leasing space in – a European based data center, the current, next best, and most efficient short-term alternative for U.S. entities may be to adopt the appropriate Standard Contractual Clauses, and to adopt procedures to implement same.
In the meantime, behind the scenes negotiations are ongoing between the U.S. and the EU to come to a new (alternative) safe harbor to resolve the current, seemingly tumultuous, status of personal data transfers from the EU to U.S. based entities.
For more information, please contact your Chiesa Shahinian & Giantomasi PC attorney.
Michelle A. Schaap | Member of the Firm | firstname.lastname@example.org | (973) 530-2026
Rhonda Carniol | Member of the Firm | email@example.com | (973) 530-2101