In a press statement, Hamburg’s Data Protection Officer announced fines against three companies guilty of illicit data transfers to the US. After the removal of Safe Harbor by the European Court of Justice, Hamburg’s data protection officer began an assessment of the data transfer practices of 35 international companies based in Hamburg. The assessment has resulted in the discovery of several companies who have failed to implement a legal framework for the transfer of data to the US. The three companies concerned have since adopted standard contractual clauses and the amount of fines due to be levied against them have now been subsequently reduced. However, Hamburg’s data protection officer announced that he would apply stricter criteria to similar matters in the future. He also approved of the view adopted by the Article 29 Working Party according to which the EU and the US need to improve the terms contained in the current “Privacy Shield” framework.
Press release (in German)