Friday, 22 June 2018  
border border border
image by George Gardiner
border border
    arrow     Home

Main Menu
News items
- - - - -
Contact us

Lost Password?
Safe harbors challenged

In a judgement delivered today (6 October 2015) the European Court of Justice has held that the Commission's decision that the US safe harbor provides an adequate level of protection is invalid.

This will now present a major challenge to a number of large US multinational businesses which regularly store personal data in the US.

As the safe harbors process is no longer considered sufficient in itself, companies will now have to individually assess whether or not the transfer of personal data to the US is permitted in individual circumstances. Given that the US Federal Trade Commission has investigated the validity of safe harbor registrations and has found many to be lacking and the revelations of data hacking and snooping by US government organisations disclosed by Edward Snowden, it is unlikely that US companies can demonstrate an adequate level of protection.

The Court has ruled that, in effect, national data protection agencies cannot wash their hands over the export of personal data to the US,citing the existence of safe harbors as their justification for doing so.

Of significance is the followingstatement:

"Without needing to establish whether that scheme ensures a level of protection essentially equivalent to that guaranteed within the EU, the Court observes that the scheme is applicable solely to the United States undertakings which adhere to it, and United States public authorities are not themselves subject to it. Furthermore, national security, public interest and law enforcement requirements of the United States prevail over the safe harbour scheme, so that United States undertakings are bound to disregard, without limitation, the protective rules laid down by that scheme where they conflict with such requirements. The United States safe harbour scheme thus enables interference, by United States public authorities, with the fundamental rights of persons, and the Commission decision does not refer either to the existence, in the United States, of rules intended to limit any such interference or to the existence of effective legal protection against the interference..".

This ruling will cause considerable problems for many companies who will have to immediately cease transferring personal data to the US from the EU.

In the US Microsoft is currently appealing a court decision which required it to disclose personal data held in its Irish data centre pursuant to a valid search warrant obtained by US authorities. Today'sCourt of Justice ruling does not address this issue, but it is clearly related.

Does this mean that all of Microsoft's Office 365 infrastructure,provisioned via the cloud, is now illegal? What about Amazon, Facebook, twitter, tumblr ..... ?

Regulation of drones - EU Working Party Opinion

Drones can undoubtedly provide significant advantages and benefits by enabling a cost-effective and quick way to survey land and events from the air. Technological advances are encouraging their adoption and also the immediate use of any information provided by them.

The rapid deployment of a drone at an accident scene, for example, could allow for close up realtime streaming of video to news broadcasters. That drone could also prevent the deployment of an air ambulance, perhaps leading to the death of a person because rapid medical care was prevented. As drones move away from being flimsy plastic toys to solid constructions with significant metal parts the risk of damage to rotors and engines increases, presenting real risks to planes and helicopters.


Cookie law update - 12 months on

In May 2011 we prepared a guidance note on the amendments to The Privacy and Electronic Communications (EC Directive) Regulations 2003 (link). Back then businesses were given a 12 month moratorium on compliance and enforcement by the Information Commissioner. That moratorium ends on 25 May 2012.

Since then not a lot seems to have changed. Most websites appear to have done little to deal with the new rules (i.e. the "opt in" requirement) - the BBC website being a notable and elegant exception.

This makes enforcement by the ICO problematic, except for the worst offenders. However, widespread changes will not occur until the ICO starts handing out fines.

What does this mean for your business? In short, if you haven't already you need to start work immediately on identifying what cookies are used and the data they track; then you need to decide whether or not the use of those cookies is justified; and, finally, you may need to get explicit consent for the remaining cookies you decide to use.

For an explanation of the changes to the law itself please see our May 2011 guidance note (link).


<< Start < Prev 1 2 3 4 5 6 Next > End >>

go to top Go To Top go to top

Copyright reserved
border border border