Safe Harbor Replaced With Privacy Shield
The eagerly awaited Safe Harbor (re-) arrangement between the EU and US was announced late last night with more specific detail to follow. Safe Harbor is the scheme and mechanism by which EU-based data controllers are permitted to transfer and process personal data to/in the USA.
The European Court of Justice (ECJ) ruled Safe Harbor as invalid in October last year effectively making data transfers to the US by EU data controllers unlawful. Regulators across Europe threatened to take legal action against such data controllers as of February 2016 unless an alternative mechanism was put in place. I’ve been biting my nails all week waiting for the announcement and was relieved that Safe Harbor 2 (SH2) deal has been hammered out. I look forward to reading more details about it and reviewing how it fits with the Articles in the new General Data Protection Regulation. The message to take away from this I think is that the initial panic is probably over and transfers relying on Safe Harbor are not now necessarily unlawful. However, you would be advised to re-evaluate all such transfers to see if SH2 provides the necessary and appropriate levels of protection for your US data transfers.
I’ve not yet found an announcement on the Europa.eu websites but here are a couple of links to stories about the announcement – just in case you think I dreamt it!!
http://www.theregister.co.uk/2016/02/02/safe_harbor_replaced_with_privacy_shield/
Phil Brining
3rd February 2016