Category: USA

Safe Harbor agreement unlikely by the end of January

27. January 2016

On 6th October 2015 the European Court of Justice has ruled, that the “safe harbor” agreement is invalid. Since then there is no legitimacy for transferring personal data outside of EU-territory. According to the statement of the EU data protection authorities assembled in the Article 29 Working Party, the parties involved were supposed to find an alternative agreement by the end of January 2016. Otherwise, EU data protection authorities would have to take all necessary and appropriate actions, which may include coordinated enforcement actions consequences to be drawn at European and national level.

The European Commission informed a committee of EU member countries during a session mid of January, that there has been no progress in the negotiations so far. According to sources, who took part at the meeting, a deal could still be made at the last minute. Other participants however entitled the deadline as “unrealistic” or “unlikely”.

The European Data Protection Supervisor (EDPS) Giovanni Buttarelli said that the January 31 date was a “legal fiction,” that “could not be fixed, because it would not have a legal basis.” “Even if some agreement was reached, it would be a political agreement,” he added. A final deal, which met all the criteria, “would take months,” he said.

The next meeting of the EU’s Article 29 Working Group will be on February 2. It is to expect, which measures will be taken against companies that still transfer data outside of the EU-territory based on the invalid safe harbor agreement.

Category: EU · Safe Harbor · USA

Proposal to create a U.S. privacy “ombudsman” to verify Safe Harbor compliance

26. January 2016

In a context where the Safe Harbor Decision has been declared invalid and the General Data Protection Regulation has entered into force, the European and American competent authorities are negotiating further mechanisms to carry out international data transfers in compliance with the current legislation.

According to Reuters, the U.S. has proposed creating the institution of the “ombudsman” as a component of the State Department. This institution shall handle with complaints from EU citizens regarding surveillance activities from American authorities,.verify that this surveillance activities are proportionate and that personal data transferred from the EU is accessed only in cases where national security is involved. However, EU negotiators have requested further details about this institution before the proposal is accepted.

Both negotiating parties, EU and U.S. authorities aim at reaching an agreement about the continuity and the legal basis to carry out data transfers to the U.S. by the beginning of February.

American Bar Association urges U.S. courts to regard foreign privacy laws

23. May 2012

One step further in resolving the dilemma of pre-trial Discovery in the U.S. in conflict with non-U.S. data protection laws: The American Bar Association adopted a resolution with the stated purpose to urge courts to respect foreign data protection and privacy laws in case of decisions on discovery issues.

Currently the interests of U.S. litigants to discovery are privileged by the courts when requirements of foreign privacy laws are not regarded. Other parties are in the situation to face inconsistent legal requirements and possible sanctions of foreign legal systems.

The resolution reads as follows:

“RESOLVED, That the American Bar Association urges that, where possible in the context of the proceedings before them, U.S. federal, state, territorial, tribal and local courts consider and respect, as appropriate, the data protection and privacy laws of any applicable foreign sovereign, and the interests of any person who is subject to or benefits from such laws, with regard to data sought in discovery in civil litigation.”

The American Bar Association says that the permission of unlimited discovery could impede global commerce or harm the interests of U.S. parties in foreign courts. Especially the laws in European jurisdictions and the EU Data Protection Directive limit the legal processing of personal data and the transfer of personal data outside of the EEA. There is also the fact, that some jurisdictions have enacted blocking statues to prohibit the seeking for disclosure of information that shall be used for evidence in foreign proceedings. For example in France a French lawyer had to pay a 10.000 Euro fine for obtaining discovery in France for a litigation in the U.S.

The resolution of the American Bar Association is not binding but could encourage U.S. courts to have a critical look at foreign privacy jurisdiction and the consequences of discovery for affected litigants or third parties. At the moment, data controllers who are forced to transfer data from the EU to U.S. for the purpose of discovery would be well advised to follow at least the guidance of Article 29 Working Party to comply with EU data protection obligations and to check in detail which way is the best.

Category: USA
Tags:
Pages: Prev 1 2 3 ... 5 6 7 8 9 10 11 12 13 14 15
1 13 14 15