The Information Commissioner’s Office has published an article outlining its response to the Court of Justice of the European Union’s invalidation of the Safe Harbour agreement.
The Safe Harbour agreement provided a streamlined and unified process whereby US companies could ensure compliance with EU data protection law. Earlier this month, the CJEU invalidated this agreement. The decision is the latest fall-out from the revelations of Edward Snowden, the whistle-blower who in 2013 leaked documents detailing the extensive mass surveillance activities of the NSA and GCHQ.
The ICO advises data controllers to “take stock” and “don’t panic”.
We’re certainly not rushing to use our enforcement powers. There’s no new and immediate threat to individuals’ personal data that’s suddenly arisen that we need to act quickly to prevent. Of course we’ll consider complaints from affected individuals, whatever transfer mechanism you’re relying on, but we’ll be sticking to our published enforcement criteria and not taking hurried action whilst there’s so much uncertainty around and solutions are still possible. We can’t create legal certainty where there is none but we will continue to work with our European counterparts in an effort to ensure that, as far as possible, we’re all delivering a single and sensible message.
Hat tip: Andrew Cormack