Will the U.S.-EU 'Safe Harbor' data transfer ruling affect my business?

In short, the Oct. 6 ruling will affect any company transferring personal data across the Atlantic, which could include payroll, HR and/or customer information.

Here's more on the topic:
Thousands of companies currently transfer personal data from the European Union to the United States, relying on the U.S.-EU Safe Harbor agreement to do so. On Oct. 6, 2015, the EU’s highest court struck down this agreement on the grounds that it infringes European citizens’ fundamental right of privacy because it gives U.S. governmental authorities open access to online information and personal data. This decision is important because it will require company owners and executives to evaluate and fundamentally change how personal data transfer and privacy compliance are handled.

Why it’s problematic

The U.S.-EU Safe Harbor agreement allowed companies to transfer personal data from the EU to the U.S. by complying with a single set of rules for both jurisdictions.

The court’s ruling creates significant problems for companies because each EU member can now create its own rules and regulations. Compliance with multiple international regulatory frameworks will be very costly and burdensome.

This ruling will affect more than just technology companies. It will affect any company transferring personal data across the Atlantic, which could include payroll, human resources and/or customer information.

What’s next?

The EU and the U.S. are in the process of negotiating a new Safe Harbor agreement that will comply with the court’s ruling.

Until then, however, large and small companies alike will need to find an alternative mechanism to transfer personal data from the EU to the U.S.

For instance, as Commissioner Vera Jourová of the European Commission noted after the court’s ruling was announced, “standard data protection clauses in contracts” and “binding corporate rules for transfers within a corporate group” may be alternatives to the now-invalid Safe Harbor agreement. These alternative mechanisms and other compliance methods will need to be further developed and refined.

Businesses are sure to face increased compliance requirements and related costs as a result of these changes.

Company owners and executives are encouraged to take action now to identify how these changes affect their ability to transfer data across the Atlantic, research alternative mechanisms appropriate for their businesses, and implement alternative mechanisms to ensure compliance with the EU’s privacy and data protection laws.

Gunster attorney Bob White contributed to this article.

Image courtesy of jscreationzs via FreeDigitalPhotos.net

Our attorneys keep clients in the know when it comes to how the law affects business. Read Gunster’s blog for timely and important updates on legal and business matters, straight from our attorneys to you.

Recent Posts

Popular Categories

Jump to Page

Gunster Cookie Preference Center

Your Privacy

When you visit our website, we use cookies on your browser to collect information. The information collected might relate to you, your preferences, or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. For more information about how we use Cookies, please see our Privacy Policy.

Strictly Necessary Cookies

Always Active

Necessary cookies enable core functionality such as security, network management, and accessibility. These cookies may only be disabled by changing your browser settings, but this may affect how the website functions.

Functional Cookies

Always Active

Some functions of the site require remembering user choices, for example your cookie preference, or keyword search highlighting. These do not store any personal information.

Form Submissions

Always Active

When submitting your data, for example on a contact form or event registration, a cookie might be used to monitor the state of your submission across pages.

Performance Cookies

Performance cookies help us improve our website by collecting and reporting information on its usage. We access and process information from these cookies at an aggregate level.

Powered by Firmseek