The Court of Justice of the European Union has declared that the Safe Harbor framework which enables the transfer of personal data between the EU and the US is invalid and does not ensure an adequate level of protection of that data.
The declaration follows a challenge to the transfer of personal data by the European subsidiary of Facebook to servers in the US, where the information is processed by Facebook Inc.
In light of this decision, EU data controllers who transfer personal data outside of the European Economic Area (EEA) will need to find an alternative mechanism allowable under EU data protection laws in order to transfer data to the US. The most common approach is likely to be to require US transferees to enter into an EU model clause agreement before the transfers.
Large multi-national group companies may consider binding corporate rules (rules adopted by the group which are binding on all members of the group to ensure a high level of protection for personal data transfers).
If you would like to discuss the impact of the decision on your business, please contact our Commercial team on on 01737 854 500 or find out more here.