The Court of Justice of the European Union (“CJEU”) has held that transfers of personal data of European citizens to the United States made under the so-called Safe Harbor scheme are subject to significant risks, and declared the corresponding decision of the European Commission to be invalid. As a consequence, EU entities of US companies that have been relying on Safe Harbor will need to revise their practice of submitting personal data to the United States in order to comply with EU data protection law.
The judgment also gives an indication of how the EU privacy authorities may look at the adequacy of data privacy regimes in the future and therefore how businesses operating globally should be planning data transfer arrangements.
Mayer Brown partner Mark Prinsley and senior associate Oliver Yaros offered insight into the decision and discussed:
- How US companies can deal with the consequences of this decision
- If acceptance of Standard Contract Clauses and implementation of Binding Corporate Rules will comply with applicable EU data protection law
- Safe Harbor 2.0
A recording of this event may be viewed on the Sourcing Industry Group's website as well as slides of Mark and Oliver's presentation.
Please visit sig.org.