After Safe Harbor: Germany imposes fines for US data transfers

June 10, 2016 Leave a comment
Due to the judgement of the European Court of Justice (ECJ) against the European Commission´s Safe Harbor agreement, many companies which had sent personal data to U.S. companies lost the essential legal basis for these data transfers. Now, data protection authorities in the German federal state of Hamburg have drawn first consequences and have imposed fines (EUR 8,000 – 11,000) upon a number of companies in Hamburg that had failed to implement alternative privacy compliance schemes for their data transfers to the USA.

After the ECJ decision, companies needed to implement certain rules (the only practical way, according to German authorities, being the EU model clauses) in order to sufficiently comply with data protection requirements.

Nevertheless, some companies failed to meet these demands even six months after this judgement. The Hamburg data protection authority’s probe into 35 companies showed that while the majority of the reviewed companies has made use of the EU model clauses, some companies failed to take sufficient measures.

Even if in the meantime, all of the investigated companies have made their data transfer procedures compliant with EU law, it must be assumed that now the authorities in other German states and elsewhere in the EU will also initiate or intensify similar reviews. Therefore, anyone sharing or transferring personally identifiable information from Europe to the USA would be well advised to legally examine their present data protection arrangements.

Although there are significant legal concerns against the usage of the EU model clauses, the authorities apparently consider them (at least for the time being) as a sufficient mechanism. The EU-U.S. Privacy Shield as the follow-up agreement to Safe Harbor, on the other hand, is still viewed with much criticism.

Print Friendly
Felix Hilgert

Felix Hilgert

Senior Associate at Osborne Clarke
Felix is a lawyer with Osborne Clarke's IT Team in Cologne, where he acts for companies of all sizes, from start-ups to market leaders.

Add a Comment: