EU-U.S. Safe Harbor Agreement

The U.S. and EU’s negotiators on the EU-U.S. Safe Harbor data transfer program have missed an end of May target date for reaching an agreement on amendments to the program.

They nevertheless publicly reaffirmed their commitment to reaching an agreement on the Safe Harbor program, and on an “Umbrella Agreement”
Continue Reading U.S. and EU Miss Target for Safe Harbor Renegotiation, But Remain Optimistic

Věra Jourová, the European Commissioner for Justice overseeing negotiations with the U.S. Department of Commerce over the future of the EU-U.S. Safe Harbor scheme, has reiterated the May 28th target date for near-completion of the negotiations (previously covered on InsidePrivacy here and here).  Her hope is that an
Continue Reading European Commission Targets May 28th for Conclusion of Safe Harbor Negotiations

By Dan Cooper and Phil Bradley-Schmieg

On March 24, 2015, the Court of Justice of the EU (CJEU) heard arguments in Case C-362/14 (Schrems).  The High Court of Ireland has asked the CJEU whether Ireland’s data protection authority (DPA) — and by extension other EU DPAs — is bound by the Commission’s adequacy decision (Decision 520/2000/EC) with respect to the EU-US Safe Harbor framework, or whether the authority may, or must, conduct an independent investigation into the adequacy of the Safe Harbor in light of subsequent factual developments (potentially prohibiting use of the framework for EU to U.S. transfers).

The impact of the case could be wide-ranging, as thousands of organizations currently rely on the Safe Harbor for transferring personal data from the EU to the U.S., rather than alternative data transfer mechanisms.  Max Schrems, the applicant in the underlying Irish proceedings, argued that given recent allegations as to the freedom with which U.S. intelligence agencies can access EU-originating data from Safe Harbor companies, the Safe Harbor no longer provides adequate protection as a matter of EU law.
Continue Reading CJEU Hears Oral Arguments in Pivotal EU-U.S. Safe Harbor Case

 

  1. The CJEU “Right to be Forgotten” Ruling.  In May 2014, the Court of Justice of the European Union (CJEU) delivered an important judgement in a referral from Spain’s National High Court involving Google, a Spanish national, and the Spanish data protection authority (Case C-131/12).  The CJEU’s decision re-interpreted European data protection law to include a so-called “right to be forgotten” that enabled individuals to request search engines to block links that appear on searches of their names if the links go to information that is incomplete, inaccurate, irrelevant, or otherwise damaging to an individual’s privacy.  (This right is limited in the case of public figures, however.)  The decision also found that Google was subject to European data protection law because it operated subsidiaries in Europe whose business was to raise advertising revenues in relation to the search engine’s data processing activities.  The decision triggered an immediate tidal wave of tens of thousands of requests to Google and other search engines that continues to raise controversies to this day.
  1. CJEU strikes down the Data Retention Directive as invalid. In April 2014, the CJEU took the rare step of annulling the controversial Data Retention Directive, which mandated the systematic (“bulk”) retention of communications metadata by telecommunications companies in the EU, for potential access by law enforcement authorities (see our blog post here).  The Court criticised the Directive’s indiscriminate targeting of suspects and non-suspects alike, and the law’s general lack of safeguards, finding that it amounted to an “interference with the fundamental rights of practically the entire European population” contrary to Articles 7 and 8 of the Charter of Fundamental Rights of the EU.  The Directive’s invalidation raised questions about the continuing validity of the national laws that had implemented the Directive throughout the EU.  In the UK, this lead to the accelerated adoption of substitute legislation, the Data Retention and Investigatory Powers Act 2014 (“DRIPA”), and its implementing regulations.
    Continue Reading Top 10 International Privacy Developments of 2014

On October 23, the Trans-Atlantic Business Dialogue held a briefing session on the EU-U.S. Safe Harbor Agreement.  Ted Dean, Deputy Assistant Secretary at the U.S. Department of Commerce, gave an update on the negotiations with the European Commission.  Following the Snowden revelations and a resolution of the European Parliament, the
Continue Reading Trans-Atlantic Business Dialogue Holds Briefing Session on EU-U.S. Safe Harbor Agreement

From September 29 to October 7, 2014, parliamentary Committees of the European Parliament (“EP”) will be holding public confirmation hearings with Commissioners-designates with a view to assessing their skills and qualifications ahead of the EP’s vote on October 22 to approve (or reject) the Council’s appointment of the new Commission.

On October 1, the Committee on Legal Affairs (“JURI”), the Committee on Civil Liberties, Justice and Home Affairs (“LIBE”), the Committee on Internal Market and Consumer Protection (“IMCO”) and the Committee on Women’s Rights and Gender Equality (“FEMM”) therefore held a hearing with Věra Jourová, the Czech Commissioner-designate for Justice, Consumers and Gender Equality.   The answers of the Commissioner designate, some of which are summarized here below, failed to impress the members of the European Parliament who will be subjecting the Commissioner- designate to further questions.  It is therefore at this stage unclear whether Ms Jourova will take up her portfolio later this year.Continue Reading Committees of European Parliament Hold Confirmation Hearing for Commissioner-Designate for Justice, Consumers, and Gender Equality

On March 12, 2014, the European Parliament voted 544 to 78, with 60 abstentions, to endorse a report prepared by MEP Claude Moraes (S&P, UK) (the Report), and to pass a resolution summarising Mr. Moraes’ findings (the Resolution).  The Report and Resolution conclude a six-month investigation by the influential Committee
Continue Reading European Parliament Adopts Report Threatening Disruption to U.S.-EU Data Flows and Upcoming Trade Agreements; However, Legal Impact is Muted

Recent events in the European Parliament and European Council demonstrate that concerns over the U.S.-EU Safe Harbor Agreement are continuing to mount, and reform or even revocation of the Safe Harbor Agreement remains a possibility.  Today, Covington published a client alert that discusses recent developments involving the Safe Harbor Agreement

Continue Reading The Future of the Safe Harbor Agreement

On 8 October, 2013, a group of Social and Democrat MEPs called for the suspension of the U.S.-EU Safe Harbor Framework (the “Safe Harbor”).  Their comments, which were triggered by the unauthorized disclosure of document describing a U.S. National Security Agency surveillance program known as “PRISM”, argued that the Safe

Continue Reading Criticism of Safe Harbor Continues to Rise in European Union Institutions