Post Safe Harbor

This is a brief update in respect of our earlier post on the demise of Safe Harbor following the Schrems decision by the CEUJ. Following intense discussions, the EU Commission agreed a "new framework" for transatlantic data transfers with the US on 2 February 2016 called the "EU-US Privacy Shield".

Post Safe Harbor

This is a brief update in respect of our earlier post on the demise of Safe Harbor following the Schrems decision by the CEUJ. Following intense discussions, the EU Commission agreed a "new framework" for transatlantic data transfers with the US on 2 February 2016 called the "EU-US Privacy Shield".

Details of this new deal aimed at replacing Safe Harbor are still sparse and in any event it will take several weeks (if not months) before the EU-US Privacy Shield will officially come into force (if it will ever see the light of day). So although, there has been considerably progress, nothing has changed for the time being for companies wishing to transfer personal data from the EU to the US.

These are currently only valid if they are backed up by either EU Model Clauses or Binding Corporate Rules.

For more details on the EU-US Privacy Shields and the hurdles that it will need to overcome, please have a look at recent posts by my colleagues Phil Lee on the new deal for Safe Habor and by Olivier Proust on the EU US Privacy Shield.