The question before the court was: is a national data protection authority bound by the European Commission`s decision of 26 July 2000 that the Safe Harbour Agreement provides adequate privacy protection for personal data exported to the United States or can it investigate complaints about the level of protection offered in light of the events that have occurred? since that decision? On 6 October 2015, the Court of Justice of the European Communities issued a judgment invalidating European Commission Decision 2000/520/EC of 26 July 2000 “on the adequacy of protection through the Safe Harbour Principles and frequently asked questions by the US Department of Commerce”. As a result of this decision, the US-EU Safe Harbour Convention is not a valid mechanism for complying with EU data protection requirements when transferring personal data from the EU to the US. On 19 July 2013, Viviane Reding, then Vice-President of the European Commission, told the Vilnius Justice Council: “The Safe Harbour Agreement may not be so secure. This may be a loophole for data transfers, because it allows data transfers from the EU to US companies, although US data protection standards are lower than ours in Europe. Reding announced a robust assessment of the Safe Harbor agreement, which is expected to be presented before the end of the year. 2 February 2016: With some delay, the European Commission announced an agreement with the United States on a new framework for transatlantic data flows called the EU-US Privacy Shield. The new regime is based on the following elements: (a) strong obligations for companies that process the personal data of Europeans and robust enforcement; (b) clear safeguards and transparency obligations on access by the U.S. government; (c) effective protection of the rights of UNION citizens with several remedies (including an ombudsman). Under EU rules on referral to the ECJ on the “preliminary ruling”, the Irish Data Protection Officer has since had to”. examine Mr Schrems` case `with all due diligence` and […] decide whether […] the transfer of the personal data of European Facebook subscribers to the United States should be suspended”. [1] EU regulators have said that if the ECJ and the US do not negotiate a new system within three months, companies could face action by EUROPEAN data protection authorities. On October 29, 2015, a new “Safe Harbor 2.0” agreement seemed to be about to be concluded.
[24] Commissioner Jourova, however, expects the United States to act next. [25] U.S. NGOs quickly broadened the significance of the decision. [26] Safe Harbor is the name of an agreement between the U.S. Department of Commerce and the European Union that regulated how U.S. companies exported and handled the personal data of European citizens. The Safe Harbour Agreement, which many companies rely on for the transatlantic transfer of personal data, is not valid, the Court of Justice of the European Union has ruled. January 28, 2016: The JRA (JRA) was supplemented by an amendment that could lead to further disruption in negotiations between the US and the EU for an agreement replacing the Safe Harbor framework. The added language relates to the transfer of personal data for business purposes between certified countries and the United States and adds requirements that the Attorney General of the United States certifies that the “guidelines of the foreign country regarding the transfer of personal data for commercial purposes…
