US-EU Safe Harbor Resource Center
Keep up with the latest information as your global business moves beyond EU Safe Harbor
The US-EU Safe Harbor framework of 2000 provided a streamlined way for global businesses to transfer personal data across the Atlantic, without having to manage varying rules across 28 different EU data protection authorities (DPAs). Safe Harbor provided an easy way for over 4,000 companies to self-certify that they complied with European data privacy principles.But on October 6, 2015, the European Court of Justice (ECJ) emphatically ruled that Safe Harbor was inadequate and invalid. The case started with Austrian citizen Max Schrems’ suit claiming that his privacy rights were violated because Facebook and US surveillance potentially exposed his private data. The ruling, however, has much broader implications. Now any business that has relied on Safe Harbor, including almost all US cloud providers, has to take immediate action to find alternatives legal avenues.
You Have to Do Something, but Exactly What is Unclear
The ECJ ruling takes effect immediately, removing EU Safe Harbor as the legal basis for cross-Atlantic data transfers, but the decision raises more questions than it answers. Legal experts have made many short term recommendations, but confusing and often contradictory statements come from the various DPAs almost daily. This resource center provides up-to-date information, resources, and links to help you assess the impact and develop a plan to keep your global business running without Safe Harbor.