Time is running out for Europe and the US to agree a new 'Safe Harbor' scheme to transfer private consumer data
REUTERS/Jonathan Ernst
They're working to build a replacement to "Safe Harbor," a mechanism for companies to legally transfer personal data that was struck down by Europe's highest court three months ago over fears of US government spying.
Failing to reach an agreement could leave the thousands of companies that send data between the EU and the US in limbo, and at risk of legal action from individuals and national regulators in Europe on the grounds that the US does not offer adequate protections for personal data.
Safe Harbor was abruptly invalidated by the European Court of Justice (ECJ) in October 2015. Max Schrems, an Austrian law student privacy activist, had brought a case against Facebook in Ireland (its European headquarters) over US mass surveillance. Schrems argued that NSA spying meant that companies storing Europeans' data in the US could not sufficiently protect it. The Irish courts said they were powerless to act because of Safe Harbor - and so Schrems appealed to the ECJ, which invalidated the data transfer scheme altogether.
This has left US and EU negotiators desperately trying to build a new legal mechanism to legitimize transatlantic data transfers. Alternatives do exist - such as using pre-written "model clauses" that can be inserted into contracts, and obtaining the consent of the data subjects - but none are as straightforward as Safe Harbor was.
Negotiators have already missed one deadline set by Europe's privacy regulators, on Sunday night, The New York Times reports. They're now working to hammer something out tomorrow before the Article 29 working party meets this week.
So what happens if negotiators fail to come to an agreement - or if the working party rejects the proposals?
"We may see enforcement actions against companies that are still relying on Safe Harbor as the only basis for legitimizing their transfers of personal data to the US," privacy lawyer Susan Foster from law firm Mintz Levin told Business Insider. "It's likely that the initial targets would by US-headquartered companies, but European companies could be targets too. This is particularly a risk for European companies who want to transfer personal data to data processors in the US."
We should expect to see legal action almost immediately if a deal isn't reached, Foster says - initially focused at high-profile companies. "Will we see enforcement action immediately if no new Safe Harbor is reached this week? I think we are likely to see a few high-profile investigations pretty quickly. However, data protection authorities don't have unlimited resources, so initial investigations will probably be driven either by complaints from individuals, such as Maximillian Schrems' continuing complaints against Facebook, or other large targets that will generate a lot of publicity in return for a relatively small investment in enforcement funds."
- US buys 81 Soviet-era combat aircraft from Russia's ally costing on average less than $20,000 each, report says
- 2 states where home prices are falling because there are too many houses and not enough buyers
- A couple accidentally shipped their cat in an Amazon return package. It arrived safely 6 days later, hundreds of miles away.
- India Inc marks slowest quarterly revenue growth in January-March 2024: Crisil
- Nothing Phone (2a) India-exclusive Blue Edition launched starting at ₹19,999
- SC refuses to plea seeking postponement of CA exams scheduled in May
- 10 exciting weekend getaways from Delhi within 300 km in 2024
- Foreign tourist arrivals in India will cross pre-pandemic level in 2024
- JNK India IPO allotment date
- JioCinema New Plans
- Realme Narzo 70 Launched
- Apple Let Loose event
- Elon Musk Apology
- RIL cash flows
- Charlie Munger
- Feedbank IPO allotment
- Tata IPO allotment
- Most generous retirement plans
- Broadcom lays off
- Cibil Score vs Cibil Report
- Birla and Bajaj in top Richest
- Nestle Sept 2023 report
- India Equity Market