Posts Tagged: "safe harbor"

Safe harbor in the world of international digital data transfer has been a major topic of discussion in the tech world in recent weeks. Since 1998, data transferred from European citizens to American shores by U.S. tech companies have been regulated by the U.S.- EU safe harbor agreement. Under these rules, American companies have been able to make international data transfers if they can self-certify that they can keep the personal data of European citizens secure to the privacy standards of the European Union, which operates a much different data security regime than is implemented in the United States. These rules have come under the crosshairs of a recent ruling by the European Court of Justice, the EU’s highest court, which has invalidated the safe harbor agreement in light of revelations made by Edward Snowden on the data surveillance tactics of America’s National Security Agency (NSA).

The decision creates significant uncertainty for organizations who rely on Safe Harbor either for their own, internal data transfers, or because they use a service provider which, in turn, relies on Safe Harbor to provide adequacy for its transfers to the US. Alternative methods of addressing data transfers will be needed – such as implementing EU Commission approved data transfer agreements, or obtaining individual consent. Although the decision has invalidated Safe Harbor – with immediate effect – organizations will need to look to the reactions of national data protection authorities to determine how urgently to implement alternative data transfer solutions.