Finally the fact has been said.
Safe Harbor is an instrument for US companies to use at comfort and will to state compliance to EU DPD. I said instrument because it was tilted for the benefit of US companies with “Self signing to assert compliance” with absolutely no country level Privacy Law. Interesting point to note there, US does not have an Umbrella Privacy Act that would be equivalent to EU DPD (EC/95/46). Though state privacy laws prevail, but they are more of “Privacy & Disclosure acts” different for 48 (out of 50) states. With Massachusets Privacy Act being the most stringent.
Summation of situation, US would have to act swiftly and pass that pending Congress Bill that would provide for the US Data Privavy Act rather than banking on State Privacy Acts.
Full on Impact – US companies would need to either follow Standard / Model Contractual Clauses route OR gear up to follow Binding Corporate Rules like the organizations from Third World Countries.
Now it would be interesting to note HOW Federal Trade Commission would deal with this situation as the CJEU ruling actually puts it into a spot. Would they Negotiate for time OR would this lead to Penalties OR would we see different sort of Negotiations!!! The time for some big showdown!!!
For some other articles on this topic, please refer –
- Data Transfer Pact Between U.S. and Europe Is Ruled Invalid – NY Times
- How Will the Safe Harbor Ruling Affect Tech Giants? – Wall Street Journal
- What The EU’s Safe Harbor Ruling Could Mean For Tech Startups – Forbes