The background story

The European Commission’s Directive on Data Protection went into effect in October 1998, and would prohibit the transfer of personal data to non-European Union countries that do not meet the European Union (EU) “adequacy” standard for privacy protection. While the United States and the EU share the goal of enhancing privacy protection for their citizens, the United States takes a different approach to privacy from that taken by the EU. The United States uses a sectoral approach that relies on a mix of legislation, regulation, and self-regulation. The EU, however, relies on comprehensive legislation that requires, among other things, the creation of independent government data protection agencies, registration of databases with those agencies, and in some instances prior approval before personal data processing may begin. As a result of these differences, the Directive could have significantly hampered the ability of U.S. organizations to engage in a range of trans-Atlantic transactions.

In order to bridge these differences and provide a streamlined and cost-effective means for U.S. organizations to satisfy the Directive’s “adequacy” requirement, the U.S. Department of Commerce in consultation with the European Commission developed a “safe harbor” framework. The U.S.-EU Safe Harbor Framework, which was approved by the EU in 2000, is an important way for U.S. organizations to avoid experiencing interruptions in their business dealings with the EU or facing prosecution by EU member state authorities under EU member state privacy laws. Self-certifying to the U.S.-EU Safe Harbor Framework will ensure that EU organizations know that your organization provides “adequate” privacy protection, as defined by the Directive.

U.S.-EU SAFE HARBOR BENEFITS

The U.S.-EU Safe Harbor program provides a number of important benefits to U.S. and EU organizations.

Benefits for participating U.S. organizations include:

All 28 Member States of the European Union will be bound by the European Commission’s finding of “adequacy”;
Participating organizations will be deemed to provide “adequate” privacy protection;
Member State requirements for prior approval of data transfers either will be waived or approval will be automatically granted;
Claims brought by EU citizens against U.S. organizations will be heard, subject to limited exceptions, in the U.S.; and
Compliance requirements are streamlined and cost-effective, which should particularly benefit small and medium enterprises.

EU invalidated the agreement

The case of the Safe Harbor agreement for the transfer of data between the EU and the USA, found invalid by the European Court of Justice on 6 October 2015, means considerable legal uncertainty for many companies, especially those making use of Cloud services.

What now?

On 6 October, the European Court of Justice (CJEU) declared the Safe Harbor decision on the transfer of data between the USA and the EU to be invalid. The result of this is that any exchange of data on the basis of Safe Harbor is, with immediate effect, unlawful. European companies now need to examine whether and which of their data transfers – particularly those to Cloud service providers with IT resources in the USA – are affected by this.

The eco White Paper “Impacts on European Companies as CJEU declares Commission’s ‘Safe Harbor Decision’ invalid” explains how European companies should now proceed in order to assess their processes and ensure that their handling of data is legally compliant. The paper was written by Lawyer Dr. Thorsten Hennrich, specialist in IT and Cloud-related legal topics.

The eco White Paper on the CJEU Safe Harbor Decision can be downloaded here.

Five tips for companies for dealing with the Safe Harbor Agreement (Source: eco)

Check whether you are affected!
Check what legal foundation you are using for your data Transfers!
Examine whether you can base your data transfers on other legal foundations!
Inform you customers!
Observe the further developments!

Sources:

https://international.eco.de/2015/news/safe-harbor-5-tips-that-companies-need-to-consider.html

http://www.export.gov/safeharbor/eu/eg_main_018365.asp

Click to access eco-guidelines-on-eu-data-protection-reform.pdf

Check www.endpoint-cybersecurity.com for seeing the consulting services we offer.

Visit www.itsecuritynews.info for latest security news in English
Besuchen Sie de.itsecuritynews.info für IT Sicherheits News auf Deutsch

Targeted Malware on the rise

Ever wondered what a “spear phishing” is ? Or a “targeted malware” ? See below: It is an email targeted to a member of an organization, which is made to look as legitimate as possible. The difference between normal phishing and malware emails and a targeted one is that the contents of the emails […]

Protect your personal information and identity

Credits:http://cybersecuritymonth.eu/press-campaign-toolbox/ecsm-material/personal-information-identity European Cyber Security Month an EU advocacy campaign that takes place in October Protect your personal information and identity Use a strong password: Your password is the equivalent of the lock and key to your house on the Internet. Passwords are a major defence, and developing good password practices will help keep your sensitive […]

“Want more fans for your page ?” Tempting, isn’t it?

I received a spam with an advertising for the Facebook page IT Security News: Nothing special, but the two things drew my attention: – The picture was hosted by McAfee URL shortner: mcaf.ee – The prices for the followers were different. Want more fans on your page It Security News ? Get more fans with […]

What is Safe Harbor and what do companies have to consider

The background story

EU invalidated the agreement

What now?

Sources:

Like this:

Related

Like this:

Like this:

Like this:

IT Security News (EN)

IT Sicherheitsnews (DE)

Improve Your Security Ebook

The background story

EU invalidated the agreement

What now?

Sources:

Share this:

Like this:

Related

Related Posts

Share this:

Like this:

Share this:

Like this:

Share this:

Like this: