Email and the Law

Safe Harbour: light at the end of the tunnel?

The Judicial Redress Act 2015 has passed through the US House of Representatives (The House) almost 'on the nod'. It gives foreigners the same rights of redress against American law enforcement agencies if they violate the right to privacy of data. 
Both houses of Congress are historically reluctant to allow those outside the USA equivalency and there is little doubt that the recent case of Schrems v Data Protection Commission, where the Safe Harbour (SH) provisions on data transfer to the States was found unfit for purpose, has increased their enthusiasm for the act. It is seen as a signal that the USA view a replacement for SH with some urgency. 

WizEmail's Security Bot will make sure to protect you and your dataBefore going out and celebrating the end of all the problems for those of us who transfer data to the USA, it should be recognised that the major cause of the action in the Schrems case, that the state can intercept data with little legal restriction, remains. 
The action of The House, and probably The Senate, shows that the USA recognises the problem of data privacy. Unfortunately, the difference in attitudes between the EU and the USA on the subject remains. Further, some EU states are under a lot of pressure from their population to increase security and empty actions will not reassure them.

About to become law, although full implementation is not expected until 2017, is the European General Data Protection Regulation, which is likely to prove a major hurdle to any fudge over the replacement for Safe harbour. It is possible that it might be modified to incorporate the Schrems case, but it has been three years in the making and further delay will generate concern.

If you currently, in the past or have plans to transfer data to the USA, there are some steps you can take to mitigate the risks. Firstly, don't depend on the deadline date given by the Article 29 Working Party of 31 January 2016. Whilst any private action might result in a low award, damage to your reputation might be considerable. Secondly, identify actions you can take to secure your data transfer, and implement them.

Article 29 Working Party

ICO view

EC comment



30 days full functionality - No credit card required - INSTANT ACCESS