Emerging Markets Law

Safe Harbor's Replacement - Handshake Deal in Place

The officials working to replace the recently-invalidated data transfer Safe Harbor have in place a handshake deal.

The full details are not yet public, but presumably will be disclosed before the deadline of January 2016 for US businesses to comply with EU data protection laws.

One European official indicated to the press that the new measures will involve less self-regulation by businesses, and more oversight from regulators. The Department of Commerce (which administered the US Safe Harbor plan) will oversee compliance, and the Federal Trade Commission will investigate complaints. This is sure to boost the FTC's profile in the privacy arena, something it has been working on doing anyway. 

The goal of the program will be to assure European data regulators that the US offers "equivalent" levels of protection to information about its residents. The EU laws on what constitutes personal information and how it may be accessed and used are far more strict than the laws in the US. An EU resident's complaint about Facebook resulted in the judicial felling of the voluntary Safe Harbor program. He claimed that Facebook cooperated with NSA spying programs and therefore that the Safe Harbor was not adequate protection; the EU's highest court agreed in a decision early this month. 

Regardless of what the new program entails, it will create a flurry of compliance work for US companies who transfer personal information out of the EU--regarding employees, clients, vendors, or anyone else. The status of data issues has been a source of great confusion for American companies since the decision was announced; new rules will at least bring some clarity, although they are likely to be more onerous than the old rules. 

Stay Connected

Subscribe to blog updates via email