What does this cover?

Last month the EU-US Privacy Shield, a new EU-US data transfer regime to replace Safe Harbor, was announced. We now await its finalisation, signature and ratification in order for the new regime to become legally binding.

However, assuming the Privacy Shield framework does lead to an adequate level of protection, insurers seeking to transfer data from Austria to the US should be aware that an additional step will need to be completed in Austria before transfers can take place under the new regime.

Prior to the Schrems decision in October 2015, transfers from Austria to the US could take place without the prior approval of the Austrian Data Protection Authority pursuant to a piece of Austrian legislation (Section 1 Paragraph 2 Cipher 1 Austrian Data Protection Adequacy Decree) which gave effect to the Safe Harbor regime. Therefore, in order for the Privacy Shield regime to apply to Austria-US transfers in the same way, a change will be required in Austrian law. Insurers will need to wait for this change to be implemented before relying on the new Privacy Shield regime for Austria-US transfers.

To view the EU Commission press release on the EU–US Privacy Shield framework, please click here.

What action could be taken to manage risks that may arise from this development?

Organisations operating in Austria should seek specific advice in Austria if and when the Privacy Shield comes into force. 

Article submitted by Felix Hörlsberger and Nino Tlapak of Dorda Brugger Jordis – Vienna, Austria.