The ECJ ruled that a national authority has the mandate to investigate and decide whether the transfer of a person’s data to a third country complies with the requirements of the Charter. Are users affirmatively consenting to the data practices you’ve established?
Advertisement
Bottom line: the ECJ declared that the agreement was invalid because it did not in fact ensure privacy protection.
If none of these exceptions apply, a permit by the Data Protection Authority is required to be obtained prior to such a data transfer. The CJEU indicated that EU-US data transfers should not take place unless the U.S. government can only gain access to (and use) the data “for purposes which are specific, strictly restricted and capable of justifying” the privacy intrusion involved. Compliance with these provisions was enforceable at a court level. He acts for growth stage technology companies as an outside general counsel and has broad experience in privacy and information management.
“Overall, Vera Jourova’s statements showed willingness, but inability [of the commission] to come up with a solid master plan after Safe Harbor”, Mr. Schrems said on Twitter.
With existing legal frameworks governing data protection under continued pressure from the surveillance state – and new tech challenges to privacy pushing into the frame all the time, whether it’s from AI-powered big data processing or drone surveillance – the EFF et al are pressing the case for “a comprehensive privacy legal framework” – to offer robust consumer protection, and ultimately also create legal certainty for businesses. Hamburg’s data protection registrar will immediately begin auditing German subsidiaries of USA companies registered under the Safe Harbor agreement, and it could issue prohibition orders, it warned.
The CJEU highlights the fact (as revealed by the PRISM scandal) that U.S. authorities are lawfully permitted conduct large scale monitoring and collection. of European Union citizen’s personal data that has been transferred to the USA. You see, under European Union law it is prohibited to transfer to, or process personal data in, other parts of the world that do not provide what it called “adequate” privacy protections.
The court ruled that such self-certification failed in an era of mass surveillance by government intelligence agency dragnets – opening the door to individual reviews of data transfers by data protection authorities in individual European Member States.
The impact of this ruling is far reaching.
“Particularly after the Safe Harbor decision, the “Bridges report” is remarkably out of touch with the current legal reality and what we need to do to address it”, they write, criticizing the report for failing to recommend any “substantive changes in law”. They decided that, in the wake of the leaks from whistleblower Edward Snowden, Safe Harbour could no longer automatically be considered as a guarantee that firms provided that “adequate” protection they’re looking for. However, such clear guidance has not yet entered existence… In the case of complaints by individual data subjects such enforcement actions, however, are also possible earlier.
In practical terms, those relying on Safe Harbor should take immediate steps to implement their “Plan B”.
So use this recent development as a motivator to get your data protected so that you can continue to deliver the value you’ve made your business in.
Advertisement
The data watchdog of the United Kingdom has told schools they do not require to left top internet services despite anxieties in regards to the legality of continuing to make use of them.
![[Opinion] Safe Harbour invalidation puts EU data under quarantine](http://lidtime.com/wp-content/uploads/2015/10/Schools-can-continue-to-use-cl.jpg "[Opinion] Safe Harbour invalidation puts EU data under quarantine")
