WP29 on picking up the pieces post Schrems

Earlier this month the Court of Justice of the European Union (CJEU) delivered a landmark ruling invalidating the Safe Harbor programme used to transfer personal data between the USA and European states (see earlier blog for further details). The Article 29 Working Party (WP29) representing national data protection authorities, the European Data Protection Supervisor and the European Commission has issued a statement on the ramifications of the ruling.

Its statement highlights a number of important issues including:

  • One of the key elements of the ruling is that massive and indiscriminate surveillance is incompatible with the EU legal framework;
  • Transfers that are still taking place under the Safe Harbor decision it considers to be unlawful; and
  • Transfers to third countries where authorities have access which goes beyond what is necessary will not be considered as a safe destination of transfer;

In the short term, WP29 recommends that Standard Contractual Clauses and Binding Corporate Rules can be used. This should enable a lawful transfer, although during this time as WP29 points out data protection authorities can exercise their powers to protect individuals.

For the future, the WP29 is urgently calling on Member States and European institutions to open discussions with the USA to enable transfers in compliance with EU data protection regime. As a solution it is recommending an intergovernmental agreement through which stronger guarantees for EU data subjects are provided for. It also does not rule out that the current negotiations for a new Safe Harbour could be part of the solutions. In the event that by January 2016 a solution is not reached, it provides that data protection authorities are committed to take all appropriate and necessary actions, which may include coordinated enforcement actions.

With the General Data Protection Regulations (GDPR) still on the horizon some of the issues that the Schrems case has raised may also be considered in that process to ensure robust protection for data subjects. For a brief outline of what is likely to come in the GDPR see our earlier blog.

Forbes Solicitors assist a range of businesses with data protection issues including drafting standard contractual clauses. If you are affected by these developments or would like advice on any data protection matter, please contact Daniel Milnes.

Nat Avdiu

About Nat Avdiu

Nat Avdiu is a Paralegal in the Contracts and Projects team at Forbes Solicitors. Nat provides updates for clients on a range of issues including: governance, data protection and freedom of information, procurement and charity law.
This entry was posted in Corporate & Restructuring, Employment Law, Housing Litigation and tagged , , , , , , , , , , , , .