This week, the Court of Justice of the EU (CJEU) ruled that the current U.S.-EU Safe Harbor Program is no longer a valid method for ensuring adequacy under EU Data Protection Directive 95/46/EC for international data transfers. U.S.-EU Safe Harbor had been in place since 2000 and more than 4,000 U.S. companies relied on the framework.
Until the Department of Commerce and the European Commission can finalize a new Safe Harbor framework, many businesses are left wondering what to do.
We invited attendees to send in their questions in advance and were flooded with responses. Today’s webinar tackled these questions as Chris Babel, and Andrea Glorioso and Aymeric Dupont from the European Union Delegation to the USA discussed what other options companies have without Safe Harbor.
The speakers provided a lot of insight and answered a number of viewer questions. Read excerpts from a few responses below:
Q: What is the anticipated timeline for enforcement?
A: “The ruling of the court is effective immediately. The general principles — that the court highlighted and therefore they became part of European Union law — they’re effective today.” – Andrea Glorioso
Q: From the point of view of small companies, would you advise letting the Googles, Amazons and Facebooks lead the way here?
A: “This is an issue for everyone and while different resources can be expended against it based on your size and scope, that also typically represents the size and scope of the data that you might be transferring and the efforts it might take to think through these things, but it’s a dramatic enough change it has broad reaching implications such that hoping it goes away and hoping that big people that have higher risk profiles with higher data being moved to get in trouble first…The ostrich plan is not a good one.” – Chris Babel
Q: Do you think version 2.0 is around the corner? If not, in what timeframe do you think that will be released?
A: “We have been discussing with America about a revised Safe Harbor but whatever we come up with now, it will have to be compatible, it will have to respect the parameters that the European Court of Justice has given us with with this ruling. We cannot give you timing for that except to say that we certainly have a common interest to find a new mechanism that is as efficient as Safe Harbor but at the same time respects European Union citizens’ rights in the way which the European Court of Justice told us.” – Andrea Glorioso