As most readers are aware, the Court of Justice of the European Union (CJEU) rule in Schrems v. Data Protection Commissioner (Case C-362/14) on October 6, 2015, the voluntary Safe Harbor Program did not provide adequate protection to the personal data of EU citizens. Post Schrems U.S. companies have been unclear what to do to transfer data out of the EU in a compliant manner. There may soon be a clearer answer, says a top EU official.
Vera Jourová, the European Commissioner for Justice, Consumers and Gender Equality, made comments through a spokesperson that the U.S. and the E.U. were close to an agreement on new data transfer requirements. Jourová’s spokesperson, Christian Wigand, told various press outlets that the EU and U.S. have “agreed on concrete next steps in order to come to a conclusion before the end of January 2016.” These next steps will materially affect how U.S. companies develop international data transfer plans for data being exported from the EU.
EU data protection authorities have said that they will start to enforce the Schrems decision by the end of January 2016, which could suspend Safe Harbor transatlantic data transfers unless a replacement procedure is created.
If the EU and U.S. can agree on terms that provide adequate protection to EU citizens’ data before the end of January, U.S. companies will have a clearer path to data transfer compliance.