Is 'Safe Harbor' No Longer Safe? EU To Review Regime For Personal Data Transfers To The US

Author:Ms Belinda Doshi and Robyn Chatwood
Profession:Nabarro LLP

Summary and implications

In a dramatic announcement on 19 July, EU Commissioner Viviane Reding stated that the European Commission will be reviewing its Safe Harbor Agreement with the US. This review will be keenly awaited by many companies and other organisations who presently rely on the Safe Harbor Agreement to lawfully transfer personal data between the EU and the US.

Viviane Reding, who is the EU Commissioner responsible for data protection, stated that the recent PRISM controversy was a "wake-up call" which Europe would answer with "data protection reform". In that context, Reding said the "Safe Harbor agreement may not be so safe after all" as it could be used as a "loophole" for data transfers from the EU to the US despite "US data protection standards [being] lower than our European ones". As a result, she stated that she will be working on a "a solid assessment of the Safe Harbor Agreement" and will present this "before the end of the year".

What is the Safe Harbor Agreement?

The US/EU Safe Harbor framework (often known as the Safe Harbor Agreement) was developed in 2000 following the US Department of Commerce's consultation with the European Commission. It enables US companies that self-certify that they comply with the Safe Harbor framework to be deemed to provide "adequate protection" for personal data transferring from the EU to the US. As such, the Safe Harbor Agreement is of key importance for EU/US trade. Approximately 3,000 leading companies have self certified including Microsoft and Amazon.

What should you do?

Companies and...

To continue reading