• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to secondary sidebar

Alston & Bird Privacy, Cyber & Data Strategy Blog

  • Home
  • Services
  • Events
  • Contacts

Safe Harbor Framework in Jeopardy after Advocate General Decision

September 23, 2015 By Privacy, Cyber & Data Strategy Team

Today, Advocate General Yves Bot advised the European Court of Justice that the US-EU Safe Harbor framework for the protection of trans-Atlantic transfers of personal data is invalid. The long awaited Opinion of the Advocate General in the so-called “Schrems case” (Case C-362/14 Maximilian Schrems v. Data Protection Commissioner) has now been published.

The case concerns the transfer of Mr. Schrems’ personal data by Facebook Ireland to servers located in the United States. Mr. Schrems claimed that his personal data was unlawfully exposed to surveillance measures by the United States’ intelligence services. Mr. Schrems filed a complaint with the Irish Data Privacy Authority, which refused to investigate the matter, based on its opinion that it was bound by the EU Commission Decision establishing the US-EU Safe Harbor framework. Mr. Schrems filed for judicial review of the Irish DPA’s finding with the Irish High Court. Upon review, the Irish High Court asked the European Court of Justice to determine whether a data protection authority is bound by a Commission finding that the US-EU Safe Harbor framework provides adequate protection in the face of a complaint alleging it does not, and additionally, if the data protection authority may or must conduct an independent investigation of the matter.

Surprisingly, Advocate General Bot took the view that national data protection authorities are not necessarily bound by the EU Commission Decision establishing the US-EU Safe Harbor framework and may decide independently to suspend an international data transfer. More generally, the Advocate General expresses doubts as to the ability of EU citizens to obtain effective judicial protection once their personal data is transferred to the US. The Advocate General considers that the US-EU Safe Harbor framework does not compensate for the United States’ lack of ability to ensure an adequate level of protection for trans-Atlantic transfers of personal data. Accordingly, he recommends the ECJ to invalidate the US-EU Safe Harbor framework.

The Advocate General’s Opinion is not binding on the Court of Justice. However, in practice, the Court of Justice tends to follow the Advocate General opinions. Judgment will be given within the coming months.

The Opinion is available here.

Filed Under: International, Online Privacy, Privacy, Privacy Litigation, Privacy Policy, Regulation Tagged With: European Court of Justice, European Union (EU), Irish DPA, Max Schrems decision, Safe Harbor

Primary Sidebar

This blog is a service of Alston & Bird’s Privacy, Cyber & Data Strategy team and focuses on key data privacy and data security issues.


Receive email notifications when new posts are added.

Receive email notifications when new posts are added.


THE DIGITAL DOWNLOAD
Click here to see the editions

PRIVACY & CYBER EVENTS
Click here to see upcoming and past events

PRIVACY & CYBER MAILINGS
Click here to sign up

@ALSTONPRIVACY
Click here to follow us on Twitter

Secondary Sidebar

Categories

Recent Posts

  • DOJ Issues New Policy on CFAA Prosecutions
  • EDPB Issues Draft Guidelines on the Calculation of Administrative Fines
  • The California Privacy Protection Agency Solicits Public Input on Forthcoming Privacy Regulations
  • U.S. Department of Commerce Announces the Establishment of a Global CBPR Forum
  • Colorado Issues Pre-Rulemaking Considerations for the Colorado Privacy Act
Copyright © 2022 · Alston & Bird · All Rights Reserved. Privacy.