The monthly law journal which covers all aspects of data protection and data privacy: data transfer & outsourcing, marketing and e-marketing, freedom of information (FOI), employee monitoring, privacy compliance, online data acquisition and consent, personal data, website compliance and emerging technologies such as behavioural advertising, cloud computing and smart grids. / read more
Of the myriad of issues that one can possibly encounter in the data protection world, international data transfers will always be a controversial focus of attention. The main reason for this is that the limitations affecting what is otherwise at the core of our globally connected lives have consistently featured in European and other data protection laws for decades. So as technology evolves and the internet becomes ever more pervasive, overcoming legal barriers affecting dataflows gets higher and higher on the priority list. And since the legal framework is unlikely to change its direction of travel any time soon, it is a real business necessity to find a way of ensuring that our everyday dataflows are in compliance with the law.
This was in fact the main practical consequence of the Court of Justice of the European Union (‘CJEU’) decision in the Schrems case: no international data transfers without an adequate level of protection. The EU data protection authorities (‘DPAs’) did not waste any time in reiterating that where international data transfers were involved, putting data protection safeguards in place was a compliance priority. This wasn’t just some grandstanding by emboldened and bullish regulators. The inquisitorial letters that a number of EU DPAs have, in recent months, sent to any Safe Harborites on record served as a sobering reminder that this was for real. And even before a suitable substitute for Safe Harbor was officially in place, some of those DPAs decided to take enforcement action and sanction those who were not seen to be acting fast enough to address this issue.
Read more here