industry focus
German Data Protection Commissioners take action against Safe Harbor
The protection of international customer data as provided by the so-called ‘Safe Harbor Program’ operating between the EU and the US, is under threat from within, which will mean that companies need to consider alternative methods of protecting cross-border sensitive information such as credit or debit card details.
The Berlin and Hamburg Data Protection Commissioners have made a number of important announcements regarding the ‘inadequacy’ of the programme.
Both Dr. Alexander Dix and Prof. Johannes Caspar, Commissioners for Berlin and Hamburg respectively, have asserted that U.S. companies do not protect data to the same level as EU companies, even when U.S. companies certify that they will adhere to the Safe Harbor provisions.
In addition, the Data Protection Authorities (DPAs) stated that there may be inadequate enforcement of the Safe Harbor Program by the Federal Trade Commission. Speaking on behalf of his colleagues from 16 German states, Dr. Dix said:
“The Safe Harbor agreement is practically dead, unless some limits are being placed to the excessive surveillance by intelligence agencies”.
Dr. Dix further announced that the German DPAs in Berlin and Bremen have initiated administrative proceedings against two U.S. companies that base their data transfers on the EU/U.S. Safe Harbor Program.
In these proceedings, the Germany DPAs have expressed their intention to stop data transfers for a limited time. Some commentators have suggested that an actual suspension of data transfer may potentially lead to a court decision, which could deny the supervisory authorities’ competence to suspend data transfers.
Paul Nemitz, Director for fundamental rights and union citizenship at the Directorate-General Justice of the European Commission, stressed that “there is an economic incentive to make Safe Harbor work”. However, in order for trans-Atlantic businesses to flourish, organisations need to be more transparent.
In light of these developments, global organisations are likely to consider alternative approaches to the Safe Harbor Program, such as EU Model Clauses, for data transfers from European jurisdictions, such as from Germany to the United States.
