On October 6, 2015, the European Court of Justice invalidated the EU Commission’s decision that had allowed companies to transfer personal data from the EU to the United States under the EU-US Safe Harbor Framework. Two months on, various bodies and EU privacy regulators have issued guidance, including a statement by the Article 29 Working Party effectively making clear that there will be a grace period in enforcement concluding at the end of January 2016.
This decision, and subsequent guidance, has wide-reaching implications for companies undertaking international transfers that have relied on Safe Harbor to receive and process data in the US. In the short term, companies will need to consider many changes to the regulatory and enforcement environment:
- What are the alternative transfer mechanisms best suited to business operations and footprint?
- How does the decision change dealings with key DPAs, as a matter of regulatory filings, building trusted relationships, or dealing with heightened enforcement risks
- Are there real world steps to take internally to mitigate the risk of copycat data subject complaints against other businesses which collect and store EU data in the US (a) with vendors or (b) directly?
Our data privacy experts will lead a discussion focusing on:
- The history and politics of Safe Harbor
- Dispelling some of the myths about the court’s decision
- The real risk of enforcement for companies that relied on Safe Harbor
- Alternative mechanisms: pros and cons
- Checklist for companies of next steps.
Register to attend the webcast on Thursday, December 10, 2015.