Last Wednesday, President Trump signed an immigration-related Executive Order (EO) titled “Enhancing Public Safety in the Interior of the United States” that, among other...30 January 2017
Irish High Court Refers Questions to European Court of Justice: Can National DPAs Disregard Safe Harbor?
The Safe Harbor Principles, which have been agreed upon by the European Commission and the U.S., ensure the required adequate level of data protection when transferring personal data from Europe to the U.S. Many companies transferring personal data from Europe to the U.S. use this option instead of Standard Contractual Clauses, individual consent, or Binding Corporate Rules.
In the 18 June decision [number 2013 No. 765JR], the Irish High Court referred a number of questions concerning the application of the Safe Harbor Principles to the ECJ under Article 267 of the Treaty on the Functioning of the European Union (TFEU). The key issue of the referral is the question of whether the decision of the European Commission on Safe Harbor is binding on national authorities.
Earlier in the Schrems case, the Irish Data Protection Commissioner had rejected a complaint against the transmission of personal data because it complied with the Safe Harbor Principles. Furthermore, the Irish supervisory authority for data protection did not see a reason to begin investigations because the transmission had been conducted upon the grounds of Safe Harbor and therefore based upon the decision of the European Commission.
This binding effect has now been questioned by the High Court, combined with a reference to both current developments and Articles 7 and 8 of the European Charter of Fundamental Rights. Particularly, Justice Hogan submitted to the Court the question of whether national supervisory authorities for data protection have the right to conduct their own investigations and come to their own decision even if the data are transferred on the grounds of the Safe Harbor Principles.
It is hard to predict when and how the ECJ will decide, particularly after its unexpected decision in the Google case. Besides the ruling on Safe Harbor, it will be interesting to see if the Court will take the opportunity to provide any rulings more broadly concerning the scope of European data protection.
On a separate track, as we reported previously, negotiations between the European Commission and the United States concerning revisions to the Safe Harbor Principles are ongoing, although those developments would surely be affected by a ruling adverse to Safe Harbor.
Antoinette von Schweinitz, a trainee solicitor in our Munich office, contributed to this blog post.
A stricter regime for profiling07 June 2016
The Regulation aims to strengthen the rights of individuals. It does so by retaining rights that already exist under the Data Protection Directive and introducing the new rights of data...06 June 2016