EU Data Transfers: Considering Your Options After Today's Article 29 Working Party Statement. Home > International/EU Privacy > EU Data Transfers: Considering Your Options After Today’s Article 29 Working Party Statement The EU’s Article 29 Working Party issued a statement today on the recent Schrems decision invalidating the adequacy of the EU-U.S.
Safe Harbor framework, emphasizing that affected businesses should start to put in place legal and technical solutions in a timely manner to meet EU data protection standards. The statement gave a January 2016 deadline for companies to come into compliance with the ruling, at which point EU data protection authorities would be “committed to take all necessary and appropriate actions, which may include coordinated enforcement actions.” EUstara on Twitter. Safe Harbor Invalidated – What Next? On 6 October 2015, the Court of Justice of the European Union (CJEU) declared the EU-US Safe Harbor framework invalid as a mechanism to legitimize transfers of personal data from the EU to the US.
This decision effectively leaves any organisation that relied on Safe Harbor exposed to claims that such data transfers are unlawful. Safe Harbor was jointly devised by the European Commission and the U.S. Department of Commerce as a framework that would allow US-based organisations to overcome the restrictions on transfers of personal data from the EU. Following a dispute between Austrian law student Max Schrems and the Irish Data Protection Commissioner, the CJEU was asked to consider whether a data protection supervisory authority was bound by the European Commission’s decision that Safe Harbor provided an adequate level of protection for European data. What is the practical effect of the decision?