Safe Harbor 2 deal announced

By Phil Brining

The eagerly awaited Safe Harbor (re-) arrangement between the EU and US was announced late last night with more specific detail to follow.  Safe Harbor is the scheme and mechanism by which EU based data controllers are permitted to transfer and process personal data to/in the USA.

The European Court of Justice (ECJ) ruled Safe Harbor as invalid in October last year effectively making data transfers to the US by EU data controllers unlawful.  Regulators across Europe threatened to take legal action against such data controllers as of February 2016 unless an alternative mechanism was put in place. I’ve been biting my nails all week waiting for the announcement and was relieved that Safe Harbor 2 (SH2) deal has been hammered out.  I look forward to reading more details about it and reviewing how it fits with the Articles in the new General Data Protection Regulation.  The message to take away from this I think is that the initial panic is probably over and transfers relying on Safe Harbor are not now necessarily unlawful.  However, you would be advised to re-evaluate all such transfers to see if SH2 provides the necessary and appropriate levels of protection for your US data transfers.

I’ve not yet found any announcement on the websitesbut here are a couple of links to stories about the announcement – just in case you think I dreamt it!!

Phil Brining

3rd February 2016

Contact Us

Send us a Message

Data Protection Project
GDPR Gap Analysis/Audit/Review
Outsourced Privacy Officer/DPO
Support Desk
SAR Support
Cyber Maturity Assessment
NIS Regulations
Information Governance Documentation
DataWise System

We are always happy to make contact with you by either phone, email or a face to face meeting at our office or yours. We work standard UK office hours – every week day 0830 to 1730.


We have been advising those people who have contacted us that they should make a complaint to the Information Commissioner’s Office (ICO) using this link  It would be helpful to the ICO if you knew the number that called you, the date and time of the call and what the call seemed to be about.

You might also want to register your phone number with the telephone preference service (TPS), a national suppression service which should cut down calls of this nature as it is not lawful to make unsolicited direct marketing calls to numbers registered on the TPS.  You can register your number here

We know that these kind of calls can be distressing and intrusive and you have our sympathy.  Please do not hesitate to contact us if you would like to discuss it with us otherwise we’d encourage you to report it to the ICO as notifying them of this kind of practice enables them to investigate and take enforcement action where necessary.  You can see the action that has been taken by the ICO here

Data Protection People Limited – March 2021