The negotiations between the European Union and US became more urgent after the court’s ruling, which raises questions about how much legal certainty a new version could bring businesses because it enshrines the power for national data protection authorities to independently review, and potentially suspend, data transfers to the U.S. It’s no wonder then that governments are increasingly focused on consumer protection when it comes to the use of that personal data. These specific countries that have an adequate general level of data protection are stipulated by special ordinance issued by the federal chancellor (such ordinances, however, only cover a small selection of countries like Switzerland).
Advertisement
If none of these exceptions apply, a permit by the Data Protection Authority is required to be obtained prior to such a data transfer.
Strictly limiting the circumstances in which government authorities can gain access to and use surveillance data.
“Overall, Vera Jourova’s statements showed willingness, but inability [of the commission] to come up with a solid master plan after Safe Harbor”, Mr. Schrems said on Twitter.
Safe Harbour previously allowed US-based companies to host European data in American datacentres without it being subject to seizure and meaning it adheres to EU data protection regulations without being physically stored on European soil.
Data protection authorities in Germany earlier this week outlined their views on EU-US data transfers in light of the CJEU’s judgment. Companies need to go back to how they have collected the data and what agreements they have entered into with users. Companies can also adopt new corporate rules for handling European data, he added.
Companies have subsequently been scrambling for alternate legal frameworks to legitimise this transfer. The current Safe Harbor data-sharing agreement is used by around 4,000 companies to facilitate data transfers between the two territories. “The Safe Harbor can still play a role here”.
That dire warning came after European data protection regulators (including the ICO) met in Brussels in mid October to consider the implications of the CJEU decision.
Meanwhile, the European Union has given itself until January to negotiate a new deal with the United States before, like Russian Federation, the European Union moves to totally suspend data transfers. The case was triggered by an Austrian law student who had complained to the Irish data privacy watchdog that the accord allowed U.S. security services to get unfettered access to Facebook Inc. customer information once it’s sent to the US. They warned companies still relying on Safe Harbor that they are now operating illegally, and urged them to consider what technical or legal steps they need to take to protect the personal data they handle.
He described how the CJEU effectively removed the assurance that European businesses had if they transferred personal data to the United States. This does not mean that local DPCs can ignore Commission Decisions – it is for the CJEU only to review these decisions.
What are the consequences now Safe Harbor is invalid?
The impact of this ruling is far reaching. However, such clear guidance has not yet entered existence… “Indeed, individuals may be easily induced to give their consent to the transfer of their data to destinations where there is little or no protection when the safe harbour does at least provide them with a few genuine protection even if such protection is imperfect”.
Advertisement
What could such “Plan B” consist of? It is probably necessary to implement a “combination” of several such measures. The order of the day is to act quickly!
![[Opinion] Safe Harbour invalidation puts EU data under quarantine](http://lidtime.com/wp-content/uploads/2015/11/US-Commerce-secretary-says-new.jpg "[Opinion] Safe Harbour invalidation puts EU data under quarantine")
