The End of Safe Harbor: What Future for EU-US Data Transfers?
| Author | Sergio Carrera,Elspeth Guild |
| Published date | 01 October 2015 |
| Date | 01 October 2015 |
| DOI | http://doi.org/10.1177/1023263X1502200501 |
| Subject Matter | Editorial |
22 MJ 5 (2015) 651
EDITORIAL
THE END OF SAFE HARBOR: WHAT
FUTURE FOR EU-US DATA TRANSFERS?
S C and E G*
On 6October 2015, the Court of Justice of the European Union (CJEU) handed down
a judgment which surprised ma ny working on EU-US data transfers. In Schrems,1 the
CJ EU a nnu ll ed t he Com mi ssi on’s D ec isi on 2 00 0/52 0 of Jul y 20 00 2 according to which US
data protection rules a re ‘adequate’ to satisfy the rules c omprising the EU data protection
architecture as regards the t ransfer of personal data from the EU to undertakings i n the
US.
§1. WHAT DOES THE JUDGMENT MEAN?
e EU-US Safe Harbor framework permits busi nesses on both sides of the Atlantic
to transfer personal data to one another without requiring a speci c analysis of data
protection and an assessment of its compatibility with EU data protection law. e
programme was designed to reduce t he administrative burden of complying with the
is s ystem was based on voluntary participation by compan ies.
e EU-US Safe Harbor fra mework depends on a Commission decision which
declares that US personal d ata protection rules provide an ‘adequate level of protection’
for personal data consistent with EU standards. Decision 2000/520 was annulled by the
* Sergio Carre ra is Senior Research Fel low and Head of the Justice a nd Home A airs Prog ramme at
CEPS, and Ass ociate Professor/Senior Res earcher at the Facult y of Law of the University of Maa stricht.
Elspeth Gu ild is Associate Senior R esearch Fellow at CEPS and Je an Monnet Professor ad personam of
European im migration law at Radboud Universit y Nijmegen and Queen Mary, University of L ondon.
is piece is base d on a larger article prep ared for the SOURCE project (Socie tal Securit y Network
funded by the EU S eventh Framework Progra mme for Research.
1 Case C-362/14 Schrems v. Data Protecti on Commissioner, EU:C:2015:650.
2 Commission Decision 2000/520/EC of 26July 2000 pursuant to Directive 95/46/EC of the European
Parliament and of t he Council on the adequa cy of the protection provide d by the safe harbour priv acy
principles and relate d frequently asked quest ions issued by the US Depar tment of Commerce (noti ed
under document numb er C(2000) 2441) (Text with EEA releva nce), [2000] OJ L 215/7.
3 Directive 95/46/EC of t he European Parli ament and of the Counc il of 24October 1995 on the protect ion
of individuals with regard to the processing of personal data and on the free movement of such data,
[1995] OJ L 281/31.
To continue reading
Request your trial