Ben Fielding examines the implications of the end of Safe Harbor
For the past 15 years, the “Safe Harbor” agreement between the EU and US has allowed US-based companies and organisations to meet the European Commission’s “adequacy” standards and to legally transfer data from the EU to US, ensuring compliance with the EU Data Protection Directive 95/46/EC (Data Protection Directive). However, last month, the European Court of Justice ruled the agreement was invalid as it did not sufficiently protect the privacy of EU citizens.
The decision, along with the ongoing legislative process for the passing of the General Data Protection Regulation (GDPR), marks the beginning of a new era in data protection regulation. With the end of Safe Harbor, which was used by some 4,400 companies, many international companies are nervous about the implications of this on how they do business.
Why did it end?
Safe Harbor was designed to meet the adequacy requirements which arose as a result of the Data Protection Directive, which in turn was passed to protect data privacy and ensure that there are safeguards for processing of personal data.
