HB Ad Slot
HB Mobile Ad Slot
Privacy Safe Harbor for US/EU Data Transfers is Abolished
Thursday, October 8, 2015

Hold onto your hat, but, on October 6, 2015, the Court of Justice of the EU abolished the safe harbor on which US companies rely for transfers of data between the US and EU.  So, as of today, if you are transferring “personal data” between the US and the EU and you are relying on the safe harbor to do so, you are no longer in compliance with the EU Data Protection Directive.  Full Stop.  If this describes your company, here is what you need to do next.

Since you can no longer rely on the safe harbor, you will have to do the following:

1. Intercompany Transfers:  If the data transfer is between companies belonging to the same multinational corporation, then you can get back into compliance by adopting “binding corporate rules” and getting them approved by the national “data protection authority.”  The problem with this approach is that it may take 18 months to get such approval.  If you can’t put all data transfers on hold that long, see option 2 below.

2.  Transfers Between Unaffiliated Companies.  For all other transfers, the parties will have to enter into “standard contractual clauses.”  There are three types of standard contractual clauses, so you will have to pick which ones apply to your roll as either a data “controller” or a data “processor” or both.

3.  Comply.  One last thing.  Once you’ve adopted approved binding corporate rules or entered into standard contractual clauses, you will actually have to comply with them.  This may have far reaching implications for internal policies and practices.

HTML Embed Code
HB Ad Slot
HB Ad Slot
HB Mobile Ad Slot
HB Ad Slot
HB Mobile Ad Slot
 
NLR Logo
We collaborate with the world's leading lawyers to deliver news tailored for you. Sign Up to receive our free e-Newsbulletins

 

Sign Up for e-NewsBulletins