The European Court of Justice struck down the safe harbor data transfer accord in October 2015. This decision nullified the 15-year old Safe Harbor Agreement that thousands of US companies (including Pantheon) leverage to certify that their web services are in compliance with Europe’s data transfer rules.
A new European data privacy framework, 'Privacy shield’, is quickly making its way through a series of reviews, ratifications and approvals. This month, 29 European data protection authorities (DPA) made up of 28 national representatives and the European Data Protection Supervisor will meet to agree on a common position that will be brought to the European Council in Brussels later this spring. Followers of this process expect to see EU-U.S. Privacy Shield in action by the fall of 2016.
Absent an approved replacement framework for transferring private data from Europe to the U.S., Pantheon continues to adhere to the Privacy Principles as articulated by the U.S.-EU Safe Harbor Agreement. Pantheon also remains committed to cooperate with the EU data protection authorities (DPAs) for Dispute Resolution.
It is our plan to replace U.S.-EU Safe Harbor by committing to the EU-U.S. Privacy Shield once it goes into full effect. We plant to complete the certification process quickly and be in compliance in Q4 2016.
You can read about the EU-U.S. Privacy Shield framework and related work of the U.S. Government on the European Commission website here.
It is our position that adhering to the principles of the existing framework in conjunction with the new data protection rights afforded to EU citizens by the Judicial Redress Act signed into law by President Obama on 29 February 2016 substantially closes the gap opened by invalidating U.S-EU Safe Harbor.
For more background on this topic, see my previous post.Topics: Security