Many organizations were left in legal uncertainty when the Euro­pean Court of Justice ­invalidated the U.S.-E.U. Safe Harbor program last month. In a landmark ruling, the European Court of Justice held that, due to alleged spying by U.S. government agencies, companies could not ensure adequate protection for data transferred from the European Union to the United States, even if they met the safe harbor’s requirements. Therefore, data transfers under the program had to stop ­immediately.

E.U. countries operate under the Data Protection Directive. The directive requires E.U. member states to accord their citizens a baseline level of privacy protection for “personal data,” defined broadly as any information that can be used to identify an individual. “Personal data” includes information such as a person’s name, phone number and email address. Under the directive, such data may be transferred lawfully to a country outside the E.U., if the European Commission has determined that the country offers “adequate” protection for personal data, or if other means are taken to ensure sufficient data privacy. This makes data transfers to countries that are not deemed to offer adequate protections difficult, since most data is “personal data” under the directive.

This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.

To view this content, please continue to their sites.

Not a Lexis Subscriber?
Subscribe Now

Not a Bloomberg Law Subscriber?
Subscribe Now

Why am I seeing this?

LexisNexis® and Bloomberg Law are third party online distributors of the broad collection of current and archived versions of ALM's legal news publications. LexisNexis® and Bloomberg Law customers are able to access and use ALM's content, including content from the National Law Journal, The American Lawyer, Legaltech News, The New York Law Journal, and Corporate Counsel, as well as other sources of legal information.

For questions call 1-877-256-2472 or contact us at [email protected]