Alston & Bird has published FAQs regarding the recent decision by the European Court of Justice holding that the U.S.-E.U. Safe Harbor Framework is invalid (also known as the Schrems decision). Please see our blog entry on the decision here.
These FAQs are designed to help companies that rely on the Safe Harbor Framework to legitimize transfers of personal data from the E.U. to the U.S. think about what they need to do in the wake of the decision. The questions include an explanation of the background and history of Safe Harbor, current alternatives to the Safe Harbor Framework that can be used to demonstrate the required “adequate level of protection” for transfers of personal data from the E.U., and considerations for both data controllers and data processors under the EU Data Protection Directive (Directive 95/46/EC). In addition, the FAQs aim to provide practical guidance for companies with a need to transfer specific types of data such as human resources data, or those that are required to transfer data for litigation or e-discovery purposes.
“There is certainly a lot of noise in the system right now about the impact of the Schrems decision,” said Jim Harvey, co-chair of the firm’s Privacy & Data Security practice. “Our goal in publishing these FAQs is to help affected businesses understand that they don’t need to overreact to the decision, but need to deliberately consider how the decision affects them and what they should do to move forward.”