Safe Harbor

Safe Harbor 2.0 – Is It Happening?

By John Tomaszewski on January 19, 2016

Posted in Consumer Privacy, Employee Privacy, EU Privacy Law, International Privacy Law, Privacy Legislation, US Privacy Law

It is the beginning of 2016, and American companies are anxiously awaiting news of whether or not a new “Safe Harbor 2.0” will emerge. In October of 2015, the European Court of Justice declared invalid Safe Harbor 1.0 in the Schrems decision. This had an immediate effect on any American company collecting personal data from the EU by removing the legal basis for this kind of data transfer. As of October 2015, consumer, client, and even employee data cannot be legally transferred to the US under the Safe Harbor Framework.

Fortunately, the data protection regulators (“DPAs”)recognized the turmoil this decision created within the business community on both sides of the Atlantic. As a result, the Article 29 Working Party (which is the convention of DPAs from each of the EU Member States) issued an enforcement moratorium on enforcement actions until the end of January 2016, so that they could assess the effectiveness of data transfer tools available. As part of this moratorium, the Working Party called on “…Member States and European institutions to open discussions with U.S. authorities in order to find legal and technical solutions”; and that the “current negotiations around a new Safe Harbor could be part of the solution.”
Continue Reading Safe Harbor 2.0 – Is It Happening?

Safe Harbor – Not so Safe After Schrems

By John Tomaszewski on October 6, 2015

Posted in Consumer Privacy, Employee Privacy, EU Privacy Law, International Privacy Law, Privacy Legislation, Privacy Litigation, US Privacy Law

Today the European Court of Justice (“ECJ”) issued its Judgment in the Schrems case, and in doing so, added another tremor to the ongoing seismic shift related to cross-border privacy law. The two major elements of today’s Judgment are: 1) that Commission Decision 2000/520/EC of 26 July 2000 of the adequacy of the protection provided by the US Safe Harbor Framework (the “Safe Harbor Decision”) is invalid, and 2) even if the Safe Harbor Decision were otherwise valid, no decision of the Commission can reduce the authority of a national data protection authority to enforce data protection rights as granted by Article 28 of Directive 95/46/EC (the “DP Directive”).

Clearly, the first element brings a more immediate concern for all the companies participating in the Safe Harbor framework. However, the second element will have much longer term consequences for the stability of US-EU commerce and privacy law.
Continue Reading Safe Harbor – Not so Safe After Schrems

Menu

The Global Privacy Watch

Safe Harbor

Safe Harbor 2.0 – Is It Happening?

Safe Harbor – Not so Safe After Schrems

About Seyfarth's Global Privacy Watch Team