This site would like to set some non-essential temporary cookies. Some cookies we use are essential to make our site work.
Others such as Google Analytics help us to improve the site or provide additional but non-essential features to you.
No behavioural or tracking cookies are used.
To change your consent settings, read about the cookies we set and your privacy, please see our Privacy Policy

Data Protection Law & Policy

Current Issue (September 2015)

Volume: 12 Issue: 9



About Data Protection Law & Policy:

The monthly law journal which covers all aspects of data protection and data privacy: data transfer & outsourcing, marketing and e-marketing, freedom of information (FOI), employee monitoring, privacy compliance, online data acquisition and consent, personal data, website compliance and emerging technologies such as behavioural advertising, cloud computing and smart grids. / read more

Safe Harbor - now what?

Let me put this straight: I believe that in the internet age a law that places an outright prohibition on dataflows on the basis of geography is a bad law. Digital information is naturally immune to jurisdictional barriers because the wired and wireless networks it inhabits were created to be global. So placing jurisdictional restrictions on the flow of that information is both unrealistic and ineffective, as the focus shifts from protecting the information irrespective of its location onto how to overcome those artificial restrictions. Yet many laws around the world - old and new - create such barriers in an attempt to preserve the protection afforded to that data in their home jurisdiction. For more than 20 years, Europe has led the charge on this front and the forthcoming data protection regulation is set to preserve the same regime for another 20 years.

Safe Harbor was borne out of the need to overcome the restriction on transfers of personal data from the EU to the US. For decades, Safe Harbor has tried to apply European concepts and principles to a self-regulatory framework that was exclusively available to US corporations. In some cases, Safe Harbor has served as a blueprint for global compliance programmes, whilst in others it has merely been a convenient mechanism to deal with European legal eccentricities. All in all, Europe has always been cynical about the ability of Safe Harbor to deliver European standards of protection to data transferred under it.

Enter Snowden and it was obvious that Safe Harbor was going to be a target of Europe’s anger at America's digital surveillance activities. Fast forward the clock to today and Safe Harbor’s future lies in peril at the hands of a court that has consistently ruled against anything that was perceived to threaten Europe's fundamental rights to privacy and data protection. For what it’s worth, the Court of Justice of the European Union (‘CJEU’) case on the status and validity of Safe Harbor, is not a case against the US technology industry or the ability of the European Commission to agree the right standards of protection. It is a judgment on the level of interference with fundamental rights by the US Government and, as we all know, the CJEU has set a very high bar when it comes to dealing with fundamental rights.

Search Journal Archives

Our publication archives contain all of our articles, dating back to 2004.
Can’t find what you are looking for?
Try an Advanced Search

Log in to Data Protection Law & Policy
Subscribe to Data Protection Law & Policy
Register for a Free Trial to Data Protection Law & Policy
E-Law Alerts
Data Protection Law & Policy Pricing
Cookie Consent Guide - DataGuidance

Social Media

Follow Data Protection Law & Policy on TwitterView Data Protection Law & Policy LinkedIn ProfileData Protection Law & Policy RSS Feed