European Commission Issues Guidance on Data Transfers to US after Safe Harbor Ruled Invalid

 Safe-Harbor

Written By ESR News Blog Editor Thomas Ahearn

The European Commission has issued guidance on transatlantic data transfers and is urging the establishment of a new data transfer agreement within three months after an October 6, 2015 ruling by the European Court of Justice invalidated the Safe Harbor pact allowing data transfers between the European Union (EU) and the United States (US), according to a European Commission press release.

The guidance will address data transfers between the EU and US until a new framework replaces the invalidated Safe Harbor pact. The guidance analyzes the consequences of the judgement and sets out the alternative mechanisms for data transfers to the U.S. The Commission is also working with the independent data protection authorities to ensure a uniform application of the ruling.

Since January 2014, the European Commission has worked to make data transfers safer for European citizens on the basis of 13 recommendations. Following the ruling invalidating Safe Harbor, the Commission stepped up negotiations with the U.S. on a new data transfer network and hopes to conclude these discussions within three months stressing the following points:

  • The Safe Harbor arrangement can no longer serve as a legal basis for transfers of personal data to the U.S.;
  • The Commission will continue and finalize negotiations for a renewed and sound framework for transatlantic transfers of personal data, which must meet the requirements identified in the Court ruling, notably as regards limitations and safeguards on access to personal data by U.S. public authorities;
  • Other adequacy decisions will need to be amended, to ensure that Data Protection Authorities (DPAs) remain free to investigate complaints by individuals.

“We need an agreement with our U.S. partners in the next three months,” Andrus Ansip, Vice-President for the Digital Single Market on the European Commission, stated in the press release. “The Commission has been asked to take swift action: this is what we are doing. Today we provide clear guidelines and we commit to a clear timeframe to conclude current negotiations.”

As reported earlier on the ESR News Blog, the ruling invalidating the Safe Harbor data transfer agreement stems from the case of Maximillian Schrems v. Data Protection Commissioner where an Austrian citizen and Facebook user lodged a complaint with the Irish supervisory authority about data provided to Facebook being transferred to servers located in the U.S. for processing.

The complaint by Schrems claimed the U.S. did not offer enough protection against surveillance by government authorities of data transferred to that country after revelations made by former National Security Agency (NSA) contractor Edward Snowden. With Safe Harbor invalid, data privacy regulators in each EU nation will be able to examine claims by people such as Schrems.

esr-fast-accurate-economical-ad

Employment Screening Resources® (ESR) “The Background Check Authority®” has announced the completion of the SOC 2® Type 2 Data Security Audit that confirms ESR meets standards set by the American Institute of Certified Public Accountants (AICPA) to protect the security, confidentiality, and privacy of consumer data. To learn more, visit www.esrcheck.com/SOC-2/.

© 2015 Employment Screening Resources® (ESR) – Making copies or using of any part of the ESR News Blog or ESR website for any purpose other than your own personal use is prohibited unless written authorization is first obtained from ESR.