In a blog posting, ICO Deputy Commissioner David Smith has suggested that the Safe Harbor regime may not yet have been completely destroyed. The ICO recommends that users of the Safe Harbor justification should not panic, nor should they rush to use other mechanisms that are not ideal for their business. The post also recommends that businesses check what data they transfer outside of the EU and the adequacy of the arrangements in place in respect to those transfers. The ICO stated that businesses in the UK do not have to rely on European Commission decisions on adequacy and can instead rely on their own assessments.

The ICO also reiterated that the ability of data protection authorities to review complaints from individuals is not confined to those transfers authorised under Safe Harbor but confirms that its approach to complaints will not change immediately. The ICO notes that the Commission Decisions on the adequacy of regimes in different countries, and on model clauses can still be relied on for data transfers, although the future of these mechanisms in the longer term is not certain. The ICO will update its guidance on international transfers in due course.

ICO blog post