In a non-binding opinion issued on September 23, 2015, an Advocate General for the European Court of Justice (“ECJ”) recommended that the ECJ suspend the U.S.-EU Safe Harbor program (“Safe Harbor”) and reexamine whether the Safe Harbor provides adequate protection for personal data of EU citizens.  In light of its non-binding nature, the opinion did not effect any legal change and the ECJ is free to reject or adopt its recommendations.  Nevertheless, the opinion has triggered widespread concerns about the future of the Safe Harbor, due in part to the frequency with which the ECJ follows the recommendations of its advisors.

Under EU privacy law, transfer of personal data from the EU is permitted only to countries that provide an “adequate” level of data protection.  Based on a 2000 ruling by the European Commission, self-certification under the Safe Harbor demonstrates adequate protection and enables participating companies to transfer personal data between the EU and U.S.  However, the adequacy of the current Safe Harbor framework has been challenged in recent years, and the U.S. and European Commission are in the process of negotiating changes to the regime to strengthen the protections afforded by the Safe Harbor.

In the opinion, the Advocate General found that the 2000 European Commission decision is no longer valid and urged the ECJ to rule likewise in the pending case Maximillian Schrems v. Data Protection Commissioner.  As support for his position, the Advocate General focused on questionable U.S. government surveillance practices, as well as the lack of adequate measures for enforcement and the redress of grievances by EU citizens.  The Advocate General also rejected the European Commission’s argument that the Safe Harbor decision should remain in force until the ongoing negotiations for a new Safe Harbor scheme are completed, intensifying pressure for the U.S. and EU to reach a compromise as soon as possible.  In response, the ECJ has not taken any immediate action and is expected to issue its opinion by the end of this year.

At present, the Safe Harbor remains a valid legal tool and is the most cost-effective method to achieve the transfer of personal data from the EU to the U.S.  Alternatives to the Safe Harbor – such as binding corporate rules, the EU model contract clauses, or obtaining opt-in consent from all data subjects – are more expensive and time-consuming for most companies to implement.

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Laura E. Goldsmith Laura E. Goldsmith

Laura Goldsmith is a partner in the Technology, Media and Telecommunications Group and member of the Privacy & Cybersecurity Group and Life Sciences Group. Her practice focuses on matters in technology, intellectual property, privacy and data protection across a range of industries including…

Laura Goldsmith is a partner in the Technology, Media and Telecommunications Group and member of the Privacy & Cybersecurity Group and Life Sciences Group. Her practice focuses on matters in technology, intellectual property, privacy and data protection across a range of industries including life sciences, media, entertainment, sports, sports betting, software, professional and financial services, healthcare, retail, fashion and communications.

Laura structures and negotiates complex technology transactions, such as license agreements, joint development agreements, supply, manufacturing or other services agreements, and software-as-a-service agreements.  In particular, she regularly represents life science companies in licensing deals, co-commercialization arrangements, research collaborations, strategic acquisitions, and other transactions.

Laura also counsels clients in navigating compliance with international, federal and state laws related to privacy and data protection in the context of transactions, vendor relationships, internal compliance and external-facing policies.  She is an editor of and contributor to Proskauer’s Privacy Law Blog and contributor to the State Privacy Laws and Financial Privacy chapters of the Proskauer on Privacy treatise published by PLI.

Laura is a member of the Proskauer Women’s Alliance Steering Committee and previously served as its co-chair.

Prior to her legal career, Laura worked as a consultant to global pharmaceutical companies formulating drug development strategy and clinical trial design. She also conducted scientific research in pharmacology and biology at Duke University Medical Center and her research has been published in peer-reviewed journals.

While at Boston University School of Law, Laura served as the Editor-in-Chief for the Review of Banking & Financial Law and interned for Judge Kiyo A. Matsumoto of the U.S. District Court for the Eastern District of New York.