Emerging Markets Law

E.U. High Court Strikes Down Data Privacy Safe Harbor

Posted In Privacy

The EU high court today struck down the fifteen year-old "Safe Harbor" that has allowed US businesses to operate there under a single set of privacy rules. Reacting to the Edward Snowden revelations about NSA spying programs, the EU court ruled that companies in the U.S., which has no national set of privacy rules about consumer data, must now deal with the privacy regulators in each EU country rather than deal with a single, uniform, EU-wide standard.

For US businesses that process data coming out of EU countries, this creates a huge level of uncertainty and difficulty. Online businesses, Web sites, cloud storage, e-commerce, data processing, and more may be affected if it contains EU data. If you are an online, Web, cloud, etc company, or if you have employees overseas and therefore process HR data across borders, please start looking at your privacy policies and practices.

As a practical matter, this decision probably means that affected US businesses will have to achieve compliance with the strictest EU member privacy rules (highest common denominator) about things like cookies, consumer access to data, right to be forgotten, and so forth. It's a big compliance headache.

Stay Connected

Subscribe to blog updates via email

Contributors