Wolf Theiss

SAFE HARBOUR INVALID: WHAT SHOULD BE CONSIDERED NOW

Yesterday, the CJEU has issued its highly awaited ruling on the Safe Harbour framework. The Court declared the Safe Harbour decision invalid because it restricts national supervisory authorities' power to ensure compliance with the Data Protection Directive 95/46/EC when reviewing requests for clearance of data transfers to Safe Harbour certified companies in the USA. Now what does this mean for affected businesses ranging from online retailers, cloud users or providers, to group companies with inter-group transfers to the USA?

MAY NATIONAL SUPERVISORY AUTHORITIES SUSPEND DATA TRANSFERS TO THE USA? ARE THERE OTHER RISKS?

Yes, The CJEU highlighted that a local data protection authority (DPA) may suspend the data transfer to the USA if it believes that personal data are not adequately protected. Close cooperation with the local authority may be a key factor if an authority decides to take immediate actions against a company already relying on the Safe Harbour.

Further, it cannot be excluded that Safe Harbour certified companies will face troubles from employees or works councils, or even be targeted by data protection activists who could try to stop further data exports with immediate effect by way of injunctive relief before national courts. It will be necessary to assess for each company individually its exposure to enforcement, and to take remedial steps as quickly as possible. (...)

For further information please contact

Barbara Fürchtegott
Barbara
Fürchtegott
Public Relations & Communications Manager
T. +43 1 51510 3808
Schubertring 6
1010 Vienna
Austria

Find a Lawyer

Top