As has been widely reported, the U.S.-EU Safe Harbor – probably the most commonly used method for transferring personal data to the United States – has been invalidated by an EU court. The court’s decision has wide-ranging implications for data protection compliance for U.S. businesses and other organizations with activities in Europe. While the decision makes it clear that Safe Harbor is no longer a valid mechanism for data transfers, the decision leaves unanswered many questions about the data transfer rules going forward. Some of these questions will not be resolved immediately, as answers will depend on (1) how data protection regulators react to the court’s decision; (2) what is included regarding transfers in the final version of the proposed General Data Protection Regulation; and (3) whether the United States can deliver on commitments to assuage European concerns over surveillance.
Continue reading here.