European national data protection authorities to enforce ECJ Safe Harbour decision from 1 Feb 2016 | DMA

Filter By

Show All
X

Connect to

X

European national data protection authorities to enforce ECJ Safe Harbour decision from 1 Feb 2016

T-5624f7f98c8b2-eu-flags-800x_5624f7f98c7d8-2.jpg

Companies could be prosecuted following the European Court of Justice decision that Safe Harbour is invalid, from February 1 2016 according to Article 29 Working Party of European national data protection authoirities

On Tuesday 6 October the European Court of Justice dismissed so-called Safe Harbour, a system to allow US companies to process data that belongs to European citizens. According to the Article 29 Working Party of European national data protection authorities, while no action will be taken against companies now, enforcement action could begin from 1 February 2016 if there is no Safe Harbor 2.0 agreed with the US authorities by this date.

On Friday 16 October the Working Party called on the Member States and the EU institutions to continue discussions with the US authorities on negotiating a revised Safe Harbor 2.0 which will be compliant with European data protection legislation and the decision of the ECJ in the Safe Harbor case.

The ECJ invalidated the current Safe Harbor Agreement on a technical ground, but in reality the USA’s national security and intelligence services surveillance operations, as revealed by Snowden were behind the decision. For more details see here.

As pointed out in my earlier article, the problems of the USA’s national security and intelligence services surveillance operations are equally applicable to Binding Corporate Rules and model Contract Clauses.

The national data protection authorities consider that Model Contract Clauses and Binding Corporate Rules can still be used to transfer personal information to the USA, but the Working Party will continue its analysis on the impact of the ECJ decision on these transfer methods.

However, individual national data protection authorities can investigate transfers of personal information to the USA on the basis of specific complaints.

Members who currently use Safe Harbor to transfer personal information to the USA should review their use of Safe Harbor and consider the risks of transferring personal information to the USA in the light of the Snowden revelations.

They should document their thought processes in coming to a decision as to whether to put in place Model Contract Clauses or Binding Corporate rules as an interim solution.

The ICO has accepted this may take some time and therefore it is unlikely that it will take any enforcement action before 1 February 2016. However, putting your thoughts and decisions made in writing will demonstrate to the ICO that you are taking the matter seriously and not burying your head in the sand and ignoring the ECJ decision.

Hear more from the DMA

Please login to comment.

Comments

Related Articles

A new government brings new legislation, and in the world of marketing, data protection is always on the front line. We dissect the implications of these legislative changes, providing you with insights to navigate this regulatory landscape.

what uk marketers need to know DMA.png

This article is written by MBA Group Ltd.

priscilla-du-preez-tAnrp8P51tY-unsplash.jpg

Companies are re-evaluating their packaging to better serve their disabled customers. This article explores the latest innovations in accessible packaging.

burger package.jpg

Businesses must be ethical in their telemarketing practices to protect customers from unwanted, intrusive, or deceptive calls, ensuring their privacy and well-being are respected. Read how

Depositphotos_718680692_S.jpg