The last weeks have been tough in the privacy world… The decision of the CJEU declaring "Safe Harbor" invalid was quite a shock for most companies which relied on the framework in the past for US data transfers.
New framework for data transfers
The Art. 29 WP stated two weeks ago that a new framework for data transfers from Europe to the US has to be negotiated. Until then, EU model clauses and consents of data subjects are the only way to secure data transfers to the US. The Art. 29 WP gave a grace period until January 2016. Then, companies could face action from European privacy regulators if the European Commission and United States did not come up with a new system until then.
Agreement within reach?
But what will happen then? Will a new framework be in place which complies with the high standards of European data protection law?
Well, according to some privacy experts, a new transatlantic data-sharing agreement is within reach, Reuters reports.
The so-called “Safe Harbour 2.0” agreement currently being negotiated would meet European concerns about the transfer of data to the United States, U.S. Secretary of Commerce Penny Pritzker told journalists in Frankfurt on Thursday during a visit to Germany.
“A solution is within hand. We had an agreement prior to the court case. I think with modest refinements that are being negotiated we could have an agreement shortly. The solution … is Safe Harbour 2.0, which is totally doable.”
EU Justice Commissioner Vera Jourova told a parliamentary committee this week that she hoped to have made progress on “intensive technical discussions” with her U.S. counterparts before a visit to Washington DC in mid-November.
New bills in the US
In the US, the the Judicial Redress Act has been passed in the House of Representatives recently which will enable foreign citizens to have the same legal rights as U.S. citizens if law enforcement violates their personal privacy rights. This is a good sign regarding a new data transfer agreement.
Companies think about moving data
While the EU and the US are still negotiating, companies in the US have to decide how to deal with the new situation.
Wall street journal reports that companies start to think about moving data to Europe.
“The risk that alternative mechanisms may not be valid either is leading companies to explore data localization in Europe,”
said Christian Borggreen, international policy director for the Computer & Communications Industry Association, which represents companies including Amazon Inc., Facebook Inc. and Alphabet Inc. ’s Google.
Especially smaller firms see it as the easiest way to just move the data to Europe because other options – EU model clauses or consents from data subjects – now, after the Safe Harbor ruling, leave uncertainty regarding their legal validity…