In an article co-authored by our own James Black and recently published in the European Law Journal, the subject of the demise of the long established – and much bemoaned – US and EU Safe Harbor Agreement (which provided a framework for the transfer of personal data between the US and EU) was discussed.
For almost 15 years the US and EU have had an agreement in place that permitted the exchange of personal information of employees and customers between the EU (which has broad and protective privacy protections) and the US (which does not). The arrangement, called Safe Harbor, was a self-certifying program with little government oversight. In other words, a company could certify that it was in compliance with the Safe Harbor principles, i.e. generally in compliance with European privacy laws. Unless there was a specific complaint made, no one ever checked these companies’ compliance. About 4000 US companies participated in Safe Harbor. In October, 2015, in a case brought by a Belgian citizen who claimed that Facebook was not properly protecting his personal data, the European Court of Justice threw out the Safe Harbor agreement, stating it was void, as it failed to adequately protect the personal information of EU citizens.
The EU and US scrambled to replace Safe Harbor, so that data could flow between the US and EU. In late February, they announced the Privacy Shield Agreement. This agreement has already been heavily criticized as Safe Harbor 2.0. It is still primarily a self-certification program, although the US Department of Commerce has promised to take a more active enforcement role. Each EU member country’s Data Protection Authority (DPA) must agree to the new program. A DPA review has begun but, based on the public statements already made, the EU Commission and US Department of Commerce may find themselves back at the drawing board. Download the full article here.
Whether your firm is one of the nation’s largest defense contractors or new start-up pitching for its first government contract, our team is ready to help. With diverse experience in a wide range of fields and industry sectors, the Government Contracts and Compliance Group deftly navigates this unique intersection of law, business, and government, and to provide our clients with creative, flexible, and effective business strategies.