Thousands of companies currently transfer personal data from the European Union to the United States, relying on the U.S.-EU Safe Harbor agreement to do so.
On Oct. 6, 2015, the EU’s highest court struck down this agreement on the grounds that it infringes European citizens’ fundamental right of privacy because it gives U.S. governmental authorities open access to online information and personal data.
This decision is important because it will require company owners and executives to evaluate and fundamentally change how personal data transfer and privacy compliance are handled.
* * * *
Why it’s problematic
The U.S.-EU Safe Harbor agreement allowed companies to transfer personal data from the EU to the U.S. by complying with a single set of rules for both jurisdictions.
The court’s ruling creates significant problems for companies because each EU member can now create its own rules and regulations. Compliance with multiple international regulatory frameworks will be very costly and burdensome.
This ruling will affect more than just technology companies. It will affect any company transferring personal data across the Atlantic, which could include payroll, human resources and/or customer information.
The EU and the U.S. are in the process of negotiating a new Safe Harbor agreement that will comply with the court’s ruling.
Until then, however, large and small companies alike will need to find an alternative mechanism to transfer personal data from the EU to the U.S.
For instance, as Commissioner Vera Jourová of the European Commission noted after the court’s ruling was announced, “standard data protection clauses in contracts” and “binding corporate rules for transfers within a corporate group” may be alternatives to the now-invalid Safe Harbor agreement. These alternative mechanisms and other compliance methods will need to be further developed and refined.
Businesses are sure to face increased compliance requirements and related costs as a result of these changes.
Company owners and executives are encouraged to take action now to identify how these changes affect their ability to transfer data across the Atlantic, research alternative mechanisms appropriate for their businesses, and implement alternative mechanisms to ensure compliance with the EU’s privacy and data protection laws.
Yes! Please sign me up to receive email alerts from other Gunster practice areas.
This publication is for general information only. It is not legal advice, and legal counsel should be contacted before any action is taken that might be influenced by this publication.
Gunster, Florida’s law firm for business, provides full-service legal counsel to leading organizations and individuals from its 12 offices statewide. Established in 1925, the firm has expanded, diversified and evolved, but always with a singular focus: Florida and its clients’ stake in it. A magnet for business-savvy attorneys who embrace collaboration for the greatest advantage of clients, Gunster’s growth has not been at the expense of personalized service but because of it. The firm serves clients from its offices in Boca Raton, Fort Lauderdale, Jacksonville, Miami, Orlando, Palm Beach, Stuart, Tallahassee, Tampa, Vero Beach, and its headquarters in West Palm Beach. With more than 240 attorneys and consultants, and over 240 committed support staff, Gunster is ranked among the National Law Journal’s list of the 500 largest law firms and has been recognized as one of the Top 100 Diverse Law Firms by Law360. More information about its practice areas, offices and insider’s view newsletters is available at www.gunster.com.