The European Commission’s safe harbor framework is invalid, and U.S. companies are no longer protected by self-certifying that they adequately protect of European data in compliance with the European Union’s (EU) Data Protection Directive (95/46/EC). Schrems v. Data Prot. Comm’r. The Court of Justice of the European Union (CJEU), the EU’s highest court, ruled that even if U.S. companies use adequate protection measures for personal data of European users, U.S. authorities are not subject to the provisions of the safe harbor framework. The safe harbor agreement, therefore, places the data privacy of Europeans at risk of U.S. government surveillance. Section leaders opine that the decision has significant ramifications and forces U.S. companies doing business in Europe to find alternative ways to legally transfer data.
Premium Content For:
- Litigation Section