New Uncertainties for European-US Data Transfers: EU Court Strikes Down 15-Year Old Safe Harbor Agreement

On October 6, 2015, the European Court of Justice (the European Union’s highest court), struck down the US-EU Safe Harbor Agreement that previously provided companies to store personal data about Europeans on U.S. servers, and to transfer data to the U.S., without getting caught in Europe’s web of country-specific privacy and data transfer rules. The Court’s ruling threatens to wipe out 15 years of accepted business practices overnight.

From 2000 until this week’s ruling, companies could internally control their data privacy activities as long as they certified that they were complying with the Safe Harbor Agreement. The Court ruled that this 15-year old self-certification system does not adequately protect Europeans whose data might be transferred out of the EU. Instead, the Court’s decision leaves it to each European country’s regulators to evaluate all data transfer and protection systems under their respective jurisdictions. In essence, multinational companies must now comply on a country by-country basis instead of relying on one all-encompassing Safe Harbor.

Please see full Alert below for more information.

 Download PDF

Download PDF[148KB]

Note close

Firefox recommends the PDF Plugin for Mac OS X for viewing PDF documents in your browser.

We can also show you Legal Updates using the Google Viewer; however, you will need to be logged into Google Docs to view them.

Please choose one of the above to proceed!

LOADING PDF: If there are any problems, click here to download the file.