EU Court Declares Safe Harbor Data Transfer Agreement Invalid

October 7 2015

Since 2000, the United States and the European Union have operated under a "Safe Harbor" policy agreement that permitted US companies to transfer personal data of EU citizens under a streamlined set of guidelines in satisfaction of the European Commission's Directive on Data Protection. On October 6, 2015, the Court of Justice of the European Union ruled that national regulators can override the Safe Harbor pact, holding that the Safe Harbor agreement violates the privacy rights of EU citizens due to allegedly indiscriminate surveillance by the US Government.

This ruling calls into question the framework currently used by approximately 4,500 companies that have opted into the Safe Harbor program, under which such companies have hosted and shared the data of EU citizens, including suppliers, customers, and employees. Under the previous Safe Harbor framework, all EU member states were bound to honor the Safe Harbor program, US companies (as well as EU companies operating in the US) that were certified under the program were recognized as providing "adequate" privacy protection under the European Commission's Directive on Data Protection, and compliance with the Safe Harbor principles were reviewable and enforceable within the US legal system. With the Court of Justice's ruling, each EU member state's national regulators now have ability to scrutinize the data practices of a given company under that member state's law, and to enforce any violations in European courts.

Without a comprehensive agreement, the regulatory environment in Europe faces potential fragmentation and complication, which in turn could raise the cost of compliance. While other methods for legal data transfers involving the personal data of EU citizens do exist, they are more cumbersome than the requirements of the Safe Harbor program. Ultimately, any US business that handles the data of EU citizens, or utilizes US-based cloud services to host such data, should contact counsel to review any contracts that relate to such data to ensure they conform to EU member state requirements or are otherwise approved by relevant regulators.

If you have any questions about data privacy and regulatory compliance, please contact one of our information technology attorneys. Click here to view the full text of the ruling of the Court of Justice.

Firm Highlights
News

Lauren R. Carey Creates New Blog for Social Media Influencers

More
News

Michael D. Mulligan Publishes Article in ACTEC Law Journal Comparing Sales to an Intentionally Defective Irrevocable Trust and a to Beneficiary Intentionally Defective Irrevocable Trust

More
Client Alert

OSHA’s New Guidance Regarding Indoor Mask Wearing, COVID-19 Vaccination Mandates, Regular Testing of Unvaccinated Workers, and More

More
News

Michael R. Thiessen Recognized as Pro Bono Spotlight by KCMBF for August

More
Diversity & Inclusion

Golf Foundation of Missouri Awards First Larry L. Deskins, Sr. Scholarship

More
News

Claims Filed for Compensation in North Carolina Ecusta Trail Rail-to-Trail Case

More
News

Lewis Rice Recognized as Top M&A Firm by BTI Consulting Group

More
Client Alert

Property Owners Can Push the Issue Under Illinois Mechanic’s Lien Law

More
Client Alert

FTC Adds Teeth to the ‘Made in USA’ Rule

More
Client Alert

Missouri Now Requires Employers to Provide Leave and Accommodations for Victims of Domestic and Sexual Violence

More
News

Brian P. Pezza Quoted in SHRM Articles on Employee Vaccination Status Disclosure and Employer Vaccination Policies

More
News

Neal F. Perryman Named to Missouri’s POWER List in Employment Law by Missouri Lawyers Media

More
News

Lewis Rice Wins $1.5 Million in Compensation for Covington Landowners

More
News

Four Lewis Rice Attorneys Named 2022 “Lawyer of the Year” by Best Lawyers

More
News

David W. Sweeney Represents Advantes Group in $7.2 Million Apartment Project

More
Client Alert

Supreme Court Limits Ability to Compel Access to Private Property Without Compensation

More
Client Alert

First-Issued Interim Final Rule Gives Guidance on No Surprises Act

More
Client Alert

FTC Reverses Course on Treatment of Debt Payoff Under HSR Act

More
News

61 Lewis Rice Attorneys Named Best Lawyers for 2022, 16 Named Ones to Watch

More
News

John C. Bodnar Named BTI M&A Client Service All-Star

More