US-EU Safe Harbour data protection relationship is invalid

[et_pb_section admin_label=”Section” global_module=”136″ fullwidth=”on” specialty=”off” transparent_background=”off” background_color=”#ffffff” allow_player_pause=”off” inner_shadow=”off” parallax=”off” parallax_method=”off” padding_mobile=”off” make_fullwidth=”off” use_custom_width=”off” width_unit=”on” make_equal=”off” use_custom_gutter=”off”][et_pb_fullwidth_code global_parent=”136″ admin_label=”Post Header”][Page_Header_Start] Employment Law News[Page_Header_End][/et_pb_fullwidth_code][/et_pb_section][et_pb_section admin_label=”section”][et_pb_row admin_label=”row”][et_pb_column type=”3_4″][et_pb_text admin_label=”Text” background_layout=”light” text_orientation=”left” use_border_color=”off” border_color=”#ffffff” border_style=”solid”]

US-EU Safe Harbour data protection relationship is invalid

[post_details]

[Social-Share]

[post_tags]

“Too many foreigners in the English game” has been cited by the Brazilian football legend Carlos Alberto as a reason for the English

As has been well-publicised, the US ‘Safe Harbour’ principles have been found to be insufficient protection against breaches of human rights occurring when data is transferred out of the EU to the USA.

Maximillian Schrems is an Austrian Facebook user living in Austria. As Facebook’s system is set up such that all EU users enter into a contract with Facebook Ireland (a subsidiary of the US parent) Mr Schrems made a complaint to the Irish Data Commissioner about his personal data being transferred from the EU to the USA to be processed. Mr Schrems argued that the Safe Harbour principles, by which non-EU data controllers self-certify that they are compliant with EU data protection law, do not provide adequate protection for his data, particularly given the revelations from Edward Snowden regarding mass governmental surveillance. The Irish High Court found that there had been a “significant over-reach” by the NSA and other federal agencies, and referred the matter to the European Court of Justice.

The ECJ overruled an earlier European Commission decision which had approved the Safe Harbour regime, holding that the US system fails to provide any guidance as to the measures by which data will be processed, nor does it provide any legal redress for data subjects following misuse of their data. It also noted that public authorities in the US are not required to comply with the Safe Harbour principles.

Whilst First-Vice President Timmermans of the European Commission has stressed that data transfers between the EU and US can continue under other data protection provisions in the wake of this decision, it is not clear what provisions he intended to refer to. It appears that the impact of this decision will leave the legal position for non-EU data controllers somewhat more precarious until a resolution is secured. That said, in practice the impact of the decision may be less significant than it first appears, as multinationals often seek express consent for data to be transferred out of the EU and in practice the Commission has indicated there will be no prosecutions for the routine transfer of data until a resolution is achieved.

Schrems (Judgment) [2015] EUECJ C-362/14

 

[/et_pb_text][/et_pb_column][et_pb_column type=”1_4″][et_pb_sidebar admin_label=”Sidebar” orientation=”right” area=”sidebar-1″ background_layout=”light” remove_border=”off”] [/et_pb_sidebar][/et_pb_column][/et_pb_row][/et_pb_section]