Legal Updates

Data Protection – Update on the US “Safe Harbor” scheme

Written by David Marchese

Last October we reported on the demise of the EU-US “Safe Harbor” scheme, as a result of the decision of the European Court of Justice (ECJ) in the case of Maximilian Schrems v Data Protection Commissioner of Ireland. The ECJ held that the “Safe Harbor”, which has been used by many EU and US businesses to justify transatlantic transfers of personal data since 2000, was invalid because the US public authorities were not bound by the scheme, and this compromised the fundamental human right of EU citizens to respect for their private lives.

Amidst the ensuing uncertainty, national data protection authorities (including the UK Information Commissioner’s Office) have advised data exporters not to worry overly, and the EU Commission has now announced (on 2 February 2016) that it has reached agreement with the US authorities on a new framework for transatlantic data flows, called the “EU-US Privacy Shield”.

The main points are:

  • The US has given (or will give) the EU binding assurances that the access of US public authorities to personal data for national security purposes will be subject to clear limitations, safeguards and oversight mechanisms (apparently including a  new Ombudsperson, or similar)
  • EU citizens will benefit from redress mechanisms in this area.

The US has also given assurances that it “does not conduct mass or indiscriminate surveillance of Europeans”.

While this appears to be good news both for businesses and private individuals, it will take some time for the details to be worked out, and will require a formal “adequacy decision” from the EU Commission. So it is still a case of “wait and see”.

Contact the Author

Profile image of David Marchese

David Marchese

I graduated from Oxford University before qualifying as a solicitor at Herbert Smith. I went on to work at Richards Butler and then Davenport Lyons, before joining Gordon Dadds in 2014. I have extensive experience advising on the law of intellectual property, information technology and commercial contracts. I am the author of Business Licensing Agreements (Longman, 1995), the section on Supply of Goods and Services in Practical Commercial Precedents (Sweet & Maxwell) and several published articles including Joint Ownership of Intellectual Property (EIPR, 1999) and Warranties and Covenants in IP Licences (OUP, 2009).

Gordon Dadds