The monthly law journal which covers all aspects of data protection and data privacy: data transfer & outsourcing, marketing and e-marketing, freedom of information (FOI), employee monitoring, privacy compliance, online data acquisition and consent, personal data, website compliance and emerging technologies such as behavioural advertising, cloud computing and smart grids. / read more
It’s close to 7pm on a Friday evening and my team are trying their best to manage our clients’ stress and frantic desperation. Jokes about how much they love Max Schrems are shared by email. In the meantime, we are diligently working our way through endless charts of dataflows and attempting to cover every single one of them with intra-group agreements, model clauses and the like. It’s been like this since October and the pace is anything but slowing down. Sorting out international data transfers has always been a difficult compliance challenge for multinationals but the current levels of anxiety are simply unprecedented.
From what I have seen across organisations of all sizes and cultures, the general panic has been in crescendo since the Court of Justice of the European Union (‘CJEU’) issued its ruling invalidating the Safe Harbor adequacy decision. No matter how many times - in public and in private - we have tried to convey the message that there was no reason to panic, fear and uncertainty have taken over the world of international transfers of personal data. It really shouldn’t have been this way but why have we suddenly seen this level of frantic activity to try and legitimise cross-border dataflows when the legal restrictions have been around for the best part of 20 years? Sure, the Safe Harbor decision was pretty dramatic, but only a limited proportion of transfers were covered by it anyway. Why do we appear to be facing some sort of data transfers Armageddon?