Since the EU court´s ruling last October that the EU-US deal on transfers of personal data is illegal, there is formally an obligation by national data protection authorities to assess individual complaints concerning protection of data transferred to the US (other possibilities for continuation of data transfers exist, though not as legally robust as Safe Harbor). Such investigations would have big negative implications, therefore the 28 national authorities agreed not to investigate individual claims until 31 January 2016, thus giving the European Commission time to finish a new Safe Harbor, which was sought even before the Court ruling. The EU court stated that due to US legislation enabling invasion of privacy by national security services, EU citizens´ data are not sufficiently protected in the US. The US have nevertheless provided many safeguards for EU citizens, e.g. granting them same status as US citizens when assessing data privacy. As of 31 January, this was not enough for the EC and thus there was still no New Safe Harbor. If negotiators reach a last-minute deal, the national authorities will probably extend their grace period for the EC until it is implemented. If not, however, and this outcome seems more probable as of 31 January, national investigations into data privacy could bring much uncertainty to the industry. Some companies have already started investing in EU data storage capacities – which entails high unnecessary costs.
For more, click here.
Max Schrems on new Safe Harbor. View video.
Read also:New York Times article U.S. and Europe Fail to Meet Deadline for Data Transfer Deal, Inside Trade article Data Regulators Slated to Weigh in on Safe Harbour Efforts next week (attached), Politico article 8 things you need to know about the safe harbor deadline.
20th February 2019
25th January 2019