Capgemini News Blog

Capgemini News Blog

Opinions expressed on this blog reflect the writer’s views and not the position of the Capgemini Group

Safe harbour agreement invalid

Category : IT industry
As the European Court of Justice has ruled the safe harbour agreement invalid, I spoke to Mark Lomas, senior consultant within Capgemini's cybersecurity practice, to find out what this means for organisations on both sides of the Atlantic.
 
Mark LomasHe commented: “The EU-US Safe Harbour agreement was a political compromise to allow the transfer of personal data from the European Union to the United States.  As an agreement, it is inherently unsafe and this has now been recognised by the European Court of Justice with its ruling today. We expect that any transfers of personal data to the US that do not have an alternative legal basis like model clauses, binding corporate rules or data subject consent are now prohibited. In practice, the Information Commissioner and other European counterparts should allow a grace period to rectify this, although it will be interesting to read any legal basis they might suggest to authorise this.
 
“What it ultimately means is that US organisations have two options, firstly some may choose to supply services from within the European Economic Area (EEA) – as Microsoft do with Azure in the Netherlands and Amazon Web Services from Ireland.
 
“Secondly, those that want to continue providing services from the US to Europe would be well advised to document their security controls in a template version of the model clauses so that they are ready for contract negotiation.
 
“On the customer side, European businesses need to review the legal basis for cross-border data transfers to ensure that the right safety and privacy controls are in place with their supplier.”
 
“The ruling also makes clear that supervisory authorities such as the Information Commissioner have the power to rule that a ‘third country’ such as the US does not ensure an adequate level of protection even if this is contrary to a finding from the European Commission.”
 
The full ruling is available to read here

About the author

Magda Bulska
Magda Bulska
Magda is responsible for managing Capgemini’s media relations programme and supporting its digital and internal communications activities. Before joining Capgemini in 2015, she ran PR campaigns in the UK and across EMEA for a number of blue chip companies and start-ups. Originally from Poland, Magda is passionate about (in no particular order) good films, travel photography, diversity and discovering quirky places all around the UK.

Leave a comment

Your email address will not be published. Required fields are marked *.