German DPA fines three companies for illegal data transfer to the U.S.

7. June 2016

The Data Protection Authority of Hamburg just announced in a press statement that it checked the data transfers of 35 international organizations that are based in Hamburg.

After the judgment declaring the former Safe Harbor Framework by the European Commission invalid  in October 2015 by the European Court of Justice, the DPA contacted organizations in Hamburg operating also in the U.S. and reviewed the transfer of personal data to the U.S. in order to determine whether other instruments are used than the Safe Harbor Framework. According to the mentioned press statement, the review has revelied that the majority of the companies had changed the legal basis of their transfers of data by implementing standard contractual clauses (SCC).

However, according to a report by Spiegel Online, there were three companies that did not change their legal basis for data transfer. Therefore, the three companies were fined:

Adobe (8.000 Euros), Punica (9.000 Euros) and Unilever (11.000 Euros)

As all three companies have changed the legal basis for data transfering during the proceeding, the DPA imposed a fine that was significantly smaller than the maximum of 300.000 Euros.

 

 

Category: EU · International Data Transfers · Safe Harbor · USA
Tags: ,