Skip to main content

Invalid Safe Harbour agreement has January deadline

If the now invalid Safe Harbour agreement is not replaced by something soon, European privacy regulators might take matters into their own hands, Reuters reported on Monday.

"If by the end of January 2016, no appropriate solution is found with the US authorities and depending on the assessment of the transfer tools by the Working Party, EU data protection authorities are committed to take all necessary and appropriate actions, which may include coordinated enforcement actions," the watchdogs said in a statement.

The European Union and the United States should negotiate an “intergovernmental agreement”, the regulators said in a statement, adding that the agreement should provide stronger privacy guarantees to EU citizens. Those guarantees should include oversight on government access to data.

Lawyers have said alternative data transfer systems could also be at risk to legal challenge since they do not provide stronger protection against US government snooping than Safe Harbour did.

"The good news is that the European data protection authorities have agreed on a kind of grace period until the end of January," said Monika Kuschewsky, a lawyer at Covington & Burling.

The Safe Harbour was an agreement which allowed US companies to pull data about users in the European Union. It was recently struck down by the highest EU court, leaving more than 4,000 companies without alternatives.

Under European Union data protection law, companies cannot transfer EU citizens' personal data to countries outside the EU deemed to have insufficient privacy safeguards, of which the United States is one.