EU Court Of Justice Declares Safe Harbour Regime Invalid, Rendering A Large Number Of EEA-US Data Transfers Illegal - Privacy Protection

Thousands of European and US companies rely on Safe Harbour certification in order to legally transfer personal data from the EEA to the US. At this moment, over 4,500 US companies are Safe Harbour certified. Many other EU-based companies, use Safe Harbour certified service providers.

In its judgment of 6 October 2015, the EU Court of Justice

declared the decision of the European Commission establishing the 'adequacy' of the Safe Harbour certification system for EEA-US data transfers, invalid; and
expressly confirmed that national data protection authorities may still investigate a complaint alleging that a third country does not ensure an adequate level of personal data protection and, where appropriate, suspend/prohibit the transfer of that data, notwithstanding any adequacy finding by the European Commission.

This judgment has far-reaching consequences for anyone in the EEA transferring personal data to the US based on Safe Harbour. Not only will a US entity's Safe Harbour certification cease to be a valid legal basis for data exports to the US, data exports to other non-EEA countries (considered by the European Commission to have an adequate level of protection) will also be susceptible to scrutiny by the national data protection authorities.

Click here to read more.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

European Union: EU Court Of Justice Declares Safe Harbour Regime Invalid, Rendering A Large Number Of EEA-US Data Transfers Illegal

Login to Mondaq.com

Why Register with Mondaq

Your Organisation