Safe Harbor Sunk
The ruling last month by the European Court of Justice held the US-EU Safe Harbor program as invalid. Should you be concerned? Maybe, but probably not.
If someone from Europe visits your Website and provides their name and email, don't panic. It doesn't mean you're subject to whatever potential sanctions this ECJ ruling may initiate. The criterium is not whether you have trade with citizens in the EU, but rather that you are operational in Europe, in the sense that you have subsidiaries or offices in the EU. It is European citizens who have to abide by EU Law, not US based companies and individuals.
On October 6, 2015, the European Court of Justice issued a judgment declaring as “invalid” the European Commission’s Decision 2000/520/EC of 26 July 2000 “on the adequacy of the protection provided by the safe harbour privacy principles and related frequently asked questions issued by the US Department of Commerce.”So where is this all going? When will the citizens of Europe be free to work with US companies again? Well, if the above Commerce Department Website notice is any indication, the answers to those questions appear to be completely unknown.
In the current rapidly changing environment, the Department of Commerce will continue to administer the Safe Harbor program, including processing submissions for self-certification to the Safe Harbor Framework. If you have questions, please contact the European Commission, the appropriate European national data protection authority, or legal counsel.
