For companies that share personal data between the U.S. and EU by way of the Safe Harbor program, a recent opinion may have serious consequences on the way your business operates.
On September 23, the Advocate General (AG) of the European Court of Justice (ECJ), Yves Bot, issued an opinion in the case of Schrems v. Data Protection Commissioner that potentially puts the entire EU-U.S. Safe Harbor program at risk. The AG concluded that the Safe Harbor program should be invalidated based on the view that it does not provide adequate protection in light of the recent revelations made by Edward Snowden regarding the transfer of personal data from U.S. companies to the NSA.
While the ECJ is not required to follow the AG’s opinion regarding the adequacy of Safe Harbor, it would be uncommon for the ECJ not to fall in line with the AG’s view. The ECJ will be issuing its ruling on the Schrems case in the coming months, which may spell the end of the Safe Harbor program, at least as it is known today.
In light of the AG’s opinion, many companies are now questioning the validity of the Safe Harbor program and the necessary steps to be taken. Currently, the Safe Harbor program is still in place and a viable way for companies to share data between the U.S. and EU. However, companies will need to stay apprised of this situation and will need to be ready to take quick action should the ECJ side with the AG and invalidate the Safe Harbor program.