EU-US Safe Harbor Framework Ruled Invalid by EU Court of Justice

October 7, 2015

By: Linda A. Malek and Blaze D. Waleski

Yesterday's EU ruling means many companies are now out-of-compliance with EU data protection law, and creates more procedural red tape to transfer data from the EU to the US.

On October 6, 2015, Europe's top court, the Court of Justice of the European Union (ECJ), struck down the 15-year-old Safe Harbor agreement that allowed the free flow of information between the EU and the US. The immediate result of the ruling is that organizations within the EU may not transfer personal data out of the EU to the US, unless another avenue recognized by the European Commission (EC) is in place (generally, a contract between the data exporter and data importer using the EU Model Clauses, or approved Binding Corporate Rules (BCRs) for intra-company transfers).

PDF File View as PDF