US EU Safe Harbor Data Transfer Pact Ruled Invalid

SafeHarborTop

SafeHarborBottom

Written By ESR News Blog Editor Thomas Ahearn

The European Court of Justice (ECJ) has ruled that a 15-year-old international agreement called Safe Harbor that allowed companies to transfer the digital data of individuals between the United States (US) and the European Union (EU) is immediately invalid, according to a press release from the ECJ.

The ruling declared invalid a July 26, 2000 decision by the European Commission to bridge differences in approaches to privacy between the European Union and United States by developing a Safe Harbor framework for privacy regulation with the consultation of the U.S. Department of Commerce.

The ruling stems from the case of Maximillian Schrems v. Data Protection Commissioner where an Austrian citizen and Facebook user lodged a complaint with the Irish supervisory authority about data provided to Facebook being transferred to servers located in the United States for processing.

The complaint claimed the United States did not offer sufficient protection against surveillance by government authorities of data transferred to that country in light of the revelations made by defector Edward Snowden concerning the surveillance activities of the U.S. intelligence services.

With Safe Harbor invalid, data privacy regulators in each EU nation will be able to examine claims by people like Schrems who are concerned with the protection of personal data sent to a country where the laws and practices in force in that country may not ensure an adequate level of privacy protection.

“Legislation permitting the public authorities to have access on a generalized basis to the content of electronic communications must be regarded as compromising the essence of the fundamental right to respect for private life,” the ECJ stated in a press release about the Safe Harbor ruling.

“We are deeply disappointed in today’s decision from the European Court of Justice, which creates significant uncertainty for both U.S. and EU companies and consumers, and puts at risk the thriving transatlantic digital economy,” U.S. Secretary of Commerce Penny Pritzker said in a statement.

The full text of the judgment by the European Court of Justice (ECJ) ruling Safe Harbor invalid in Maximillian Schrems v. Data Protection Commissioner, Case C-362/14 (October 6, 2015) is available at www.esrcheck.com/file/ECJ-Ruling-Safe-Harbor-Invalid.pdf.

ESR SOC 2 Audit Report Ensures Data Privacy

Employment Screening Resources® (ESR) is closely monitoring the Safe Harbor situation and is developing a response to assist our clients. ESR has announced the successful completion of 2015 SOC 2® Type 2 Data Security Audit that confirms ESR meets standards set by the American Institute of Certified Public Accountants (AICPA) to protect the security, confidentiality, and privacy of consumer data used for background checks. To learn more, visit www.esrcheck.com/SOC-2/.

© 2015 Employment Screening Resources® (ESR) – Making copies or using of any part of the ESR News Blog or ESR website for any purpose other than your own personal use is prohibited unless written authorization is first obtained from ESR.