What does this cover?

The Safe Harbor fallout continues and on the 6 November, the European Commission (EC) published its guidance in an attempt to provide some certainty to businesses affected by its demise (the Communication). The Communication reiterates the EC's commitment to the creation of a "renewed and sound framework", most likely in the form of Safe Harbor 2.0, and have set a three month target for the conclusion of discussions with the US government.

In the meantime, and in line with our advice immediately following the CJEU decision, the EC has reaffirmed the use of alternative transfer methods: Model Clauses, Binding Corporate Rules for intra-group transfers and other methods such as consent. 

Meanwhile it has been reported that online giants Microsoft and Amazon intend to set up UK based data centres.

The European Commission is now working at speed with the US in order to establish a "safer" Safe Harbor regime known as Safe Harbor 2.0, the deadline for which has been set by WP29 as 31st January 2016.  If no agreement is reached, data protection authorities, such as the ICO are urged to take action against companies who have not put alternative mechanisms in place by the end of January 2016.

To access the full Communication from the EC, please click here.

What action could be taken to manage risks that may arise from this development?

Financial services companies should work towards having alternative compliant mechanisms in place for transferring outside the EEA.