Safe Harbour - in the eye of the storm and what to do now

Safe Harbour - in the eye of the storm and what to do now

Latest developments on safe harbourIP & IT analysis: As everyone scrabbles to get their head around Safe Harbour following the Schrems decision, Kirsten Whitfield, director of the data protection practice at Wragge Lawrence Graham & Co, considers the latest developments around Safe Harbour.


If your business transfers personal data to the US then you should be considering what practical steps you need to take following the recent decision on Safe Harbour. When the Court of Justice of the European Union's (CJEU) ruled on the invalidity of Safe Harbour, there was a moment of shocked silence, trailed by a huge buzz about the implications.

In the wake of the CJEU 'Schrems' decision, Schrems v Data Protection Commissioner C-362/14 [2015] All ER (D) 34 (Oct), questions have arisen on both sides of the Atlantic but as yet no clear course has emerged to navigate the rough waters ahead. Ultimately, the solution to personal data transfers to the US (dubbed Safe Harbour 2.0) needs to be hammered out by the politicians.

This does not mean, necessarily, that organisations (either themselves or through third parties) which transfer personal data to the US should do nothing--it is still an option to take some protective steps (even if not completely watertight).

Deciding what to do next will be a risk-based decision that pivots around factors such as the nature of the personal data being transferred outside of the EEA country and the size and nature of the organisation. The Article 29 Working Party's statement of 16 October and the European Commission's opinion of 6 November (see more on this below) are key to deciding what to do next.

Various opinions from national data protection regulators have also been issued and these will also be important when deciding on next steps/priorities for personal data flows from particular EEA countries. These regulator statements are crucial for

Subscription Form

Related Articles:
Latest Articles:

Already a subscriber? Login
RELX (UK) Limited, trading as LexisNexis, and our LexisNexis Legal & Professional group companies will contact you to confirm your email address. You can manage your communication preferences via our Preference Centre. You can learn more about how we handle your personal data and your rights by reviewing our  Privacy Policy.

Access this article and thousands of others like it free by subscribing to our blog.

Read full article

Already a subscriber? Login

About the author:
Sophie Gould is the Head of Lexis®PSL In-house. Sophie worked as an in-house lawyer for 10 years including seven years as Head of Legal for Virgin Radio and Ginger Media Group. She has also run a legal risk and compliance training business.


Since joining LexisNexis in 2009 Sophie has worked on developing our legal and business content for the in-house legal community.  She also runs various networking and mentoring groups for in-house lawyers and works with schools to promote social mobility within the legal profession.