The October 6 LawFlash “ECJ Rules EU-US Safe Harbor Programme Is Invalid” by Morgan Lewis partners Stephanie A. Blair and Pulina Whitaker and of counsel Dr. Axel Spies discusses the European Court of Justice (ECJ) ruling in the landmark case Maximillian Schrems v. Data Protection Commissioner (case C-362/14).
In Schrems, the ECJ ruled that the Safe Harbor program (which dictated the conditions of the transfer of personal data from the European Union to the United States since 2000) is invalid. The ruling also stated that EU data protection authorities have powers to investigate complaints about the transfer of personal data outside Europe (including transfers by Safe Harbor-certified organizations), and that EU data protection authorities can, where justified, suspend data transfers outside Europe until their investigations are completed.
The decision significantly strengthens the powers of national data protection authorities in Europe. Given that the ECJ ruling has declared the Safe Harbor program invalid, the European Commission announced that it intends to release guidance for Safe Harbor-certified companies within the next few weeks.
Read the full LawFlash on this subject for an analysis of the ruling and its implications in relation to Safe Harbor certification and personal data transfers to the United States.