The U.S. Department of Commerce and European Commission have remained publicly optimistic about their renegotiation of the U.S.-EU Safe Harbor (Safe Harbor) following the program’s invalidation by the European Court of Justice in October. Unfortunately, there are signs of trouble in the U.S. Senate and future trouble coming from European Union (EU) regulators.
The EU data protection authorities’ Working Party 29 set an “end of January” ultimatum for the European Commission and U.S. government to hash out a new transatlantic data sharing pact. That deadline is now ten days away and a solution is not yet in sight.
Here are the key actions (or inactions) to watch:
- Passage of the Judicial Redress Act in the U.S. has stalled in the Senate – and many believe that is an essential ingredient to a new framework.
- The EU Data Protection Authorities are holding a plenary meeting on February 2 to decide the fate of EU-U.S. data transfers more generally.
- A range of possible outcomes are on the table, including “freezing” all new authorizations for U.S. data transfers on the basis of other data transfer mechanisms such as Binding Corporate Rules (BCRs) or Standard Contractual Clauses (SCCs).
- When Safe Harbor was invalidated in Europe, Israel followed suit and declined to recognize Safe Harbor as a valid data transfer mechanism. However, the Israeli data protection authority announced on January 21 that they will hold off on enforcement of Israel-to-U.S. data transfer concerns related to Safe Harbor until the new Safe Harbor is renegotiated.
We will continue to provide timely updates in the coming weeks regarding the renegotiation status and Working Party 29 guidance or actions.