DCN June 2016 | Page 12

centre of attention ALL AT SEA? More than six months after the EU’s highest court found the Safe Harbor data pact to be invalid, Kate Brimsted of Reed Smith LLP asks whether the rules on data transfers between the EU and the US are any clearer. W e wrote in December about the immediate impact of a judgment by the European Court of Justice (CJEU), on the EU-US Safe Harbor framework. Some 4,500 US companies were signed up for the Safe Harbor scheme and they - not to mention their many thousands of customers and business partners - were left scratching their heads as the legal mechanism for transferring EU 12 personal data across the Atlantic was rendered invalid overnight. Here, we take a brief look at how businesses have been managing the resulting legal uncertainty which potentially goes to the heart of their operations. From ‘Harbor’ to ‘Shield’ EU data protection law (prin cipally the Directive 95/46/EC, Article 25) imposes restrictions on companies in the EU when it comes to sending personal data to countries which lack adequate data protection laws. The US is considered to be one such ‘inadequate’ country in data protection terms and so, in order to create a commercially appealing way for US organisations to achieve an enhanced level of protection for personal data and to overcome the restrictions, the Safe Harbor scheme was born. Following the CJEU’s judgment, the European data protection authorities agreed to a short ‘moratorium’ on enforcement against companies relying on Safe