centre of attention
ALL AT SEA?
More than six months after the EU’s highest court found the Safe Harbor data pact to
be invalid, Kate Brimsted of Reed Smith LLP asks whether the rules on data transfers
between the EU and the US are any clearer.
W
e wrote in
December about
the immediate
impact of a
judgment by the
European Court of Justice (CJEU), on
the EU-US Safe Harbor framework.
Some 4,500 US companies were
signed up for the Safe Harbor
scheme and they - not to mention
their many thousands of customers
and business partners - were left
scratching their heads as the legal
mechanism for transferring EU
12
personal data across the Atlantic was
rendered invalid overnight. Here, we
take a brief look at how businesses
have been managing the resulting
legal uncertainty which potentially
goes to the heart of their operations.
From ‘Harbor’ to ‘Shield’
EU data protection law (prin cipally
the Directive 95/46/EC, Article 25)
imposes restrictions on companies
in the EU when it comes to sending
personal data to countries which
lack adequate data protection laws.
The US is considered to be one
such ‘inadequate’ country in data
protection terms and so, in order
to create a commercially appealing
way for US organisations to achieve
an enhanced level of protection for
personal data and to overcome the
restrictions, the Safe Harbor scheme
was born.
Following the CJEU’s judgment,
the European data protection
authorities agreed to a short
‘moratorium’ on enforcement
against companies relying on Safe