Out-Law News 2 min. read

EU privacy watchdogs expected to assess 'safe harbour' replacement on 2 February


Data protection authorities from across the EU are expected to meet on 2 February to discuss further the issue of transfers of personal data from the EU to the US, according to a Reuters report.

In October last year the Court of Justice of the EU ruled that a framework that facilitates the flow of personal data from the EU to the US was "invalid". Concerns about the regard given to privacy in US legislation on communications surveillance were highlighted in the CJEU's judgment on the 'safe harbour' framework.

The ruling prompted EU policy makers to open up talks with their counterparts in the US aimed at addressing the issues identified and agreeing a new framework to support trans-Atlantic data flows.

The CJEU's ruling meant companies previously dependent on complying with the 'safe harbour' requirements have had to look to alternative legal mechanisms to continue transferring personal data to the US from the EU. However, the judgment has prompted debate about whether alternative mechanisms for transferring personal data from the EU to the US actually provide for adequate data protection, as required by EU law, as a result of the concerns referred to by the CJEU.

The Article 29 Working Party, a committee made up of representatives from DPAs across the EU, is currently reviewing other mechanisms enabling data transfers ,including model contract clauses and binding corporate rules, in light of the CJEU ruling. It previously called on EU and US officials to "find political, legal and technical solutions enabling data transfers to the territory of the United States that respect fundamental rights" by the end of January 2016.

Reuters has reported that the Working Party will meet on 2 February in a bid to adopt a common position across the national DPAs on the grounds on which transfers of personal data from the EU to the US can continue. It is not yet clear whether EU and US officials will have presented a revised safe harbour framework, 'dubbed 'safe harbour 2.0', for consideration by the group at its meeting.

In the aftermath of the CJEU's judgment in October last year, the Working Party said that the national watchdogs "consider that it is absolutely necessary to have a robust, collective and common position on the implementation on the judgment". It said that the DPAs are "committed to take all necessary and appropriate actions, which may include coordinated enforcement actions" if EU and US policy makers failed to address concerns about the flow of personal data from the EU to the US before the end of January.

Reuters has separately reported that a number of business groups have written to EU and US officials urging them to find agreement on the issue of EU-US data transfers.

According to the news agency, the US Chamber of Commerce, BusinessEurope, DigitalEurope and the Information Technology Industry Council said: "This issue must be resolved immediately or the consequences could be enormous for the thousands of businesses and millions of users impacted."

The groups requested that businesses, especially SMEs, be given a transitional period to adapt to any safe harbour 2.0 that is put in place.

In November, in response to the CJEU's ruling on the safe harbour framework, the European Commission published guidance for businesses on how to remain compliant with EU data protection laws when transferring personal data outside of the EU.

We are processing your request. \n Thank you for your patience. An error occurred. This could be due to inactivity on the page - please try again.