
EU Safe Harbor: What Next?

October 9, 2015

Privacy Insight Series



Today's Speakers
Mr Andrea Glorioso,
Counselor, Digital Economy / Cyber
Delegation of the European Union to
the USA
Aymeric Dupont,
Counselor, Justice and Home Affairs
Delegation of the European Union to
the USA
Chris Babel,
CEO
TRUSTe


Today's Agenda

Recap of CJEU Ruling

Clarification of the Status & Scope of the Ruling


Steps Companies Can Take Now

Risk of Enforcement
Likelihood of Safe Harbor 2.0

Additional Q&A


Recap of CJEU Ruling



On October 6th the Court of Justice of the EU (CJEU) ruled that the current U.S.-EU Safe Harbor Framework was:

no longer a valid method for ensuring adequacy under the EU Data Protection Directive 95/46/EC for international Data Transfers

European DPAs and courts can independently determine whether cross border transfer mechanisms comply with EU requirements, regardless of a finding by the European Commission

This means that companies relying on Safe Harbor to legitimize data transfers now need to consider alternative compliance mechanisms


Clarification of the Scope of the Ruling


Questions Clarifying the Status & Scope of the Ruling

Is this ruling effective immediately?

If we are transferring business data, with no consumer data, can we safely ignore the Safe Harbor decision, because the data transfer requirements only relate to consumer data?

What are the implications for single sign-on systems that read from a corporate directory, like MSFT Active Directory or an LDAP server that's located in Europe?

What are the implications for repositories of data in Europe that are routinely accessed by users outside of the EU?


Steps Companies Can Take Now


Questions on Steps Companies Can Take Now


What steps can customers and technology providers take now? What should we be doing? What should we NOT be doing?

My organization is evaluating the process of becoming Safe Harbour certified. Given this new ruling, would you recommend we proceed with this plan knowing we might be asked to do more later? Or would you recommend we wait until any new processes / procedures are in place?

Do companies need to immediately suspend all transfers made under Safe Harbor until they put an alternative mechanism in place?

Are model clauses and Binding Corporate Rules really safe following this ruling?


Risk of Enforcement


Questions Around Enforcement Risk


What is the anticipated timeline for enforcement?

How long will the EU allow companies that relied on Safe Harbor to continue to transfer data until they find another program before violations or penalties kick in?

According to Safe Harbor the only authority that can take direct enforcement action against a US company is the FTC. So for US companies which have no presence in the EU, is the risk for enforcement action actually very small since the FTC does not support this ruling?

From the point of view of small companies, would you advise letting the Googles, Amazons and Facebooks lead the way here?

Likelihood of Safe Harbor 2.0


Questions on Likelihood of Safe Harbor 2.0


Is a diplomatic solution possible to an ECJ decision?

Do you think version 2 is around the corner? If not, in what timeframe do you think that will be released? In the meanwhile, how much of what we've done can we leverage to show compliance as data controllers?

Would a new Safe Harbor be valid under the proposed GDPR?

Would a TRUSTe seal of approval still carry value?


Questions?


Contacts
Andrea Glorioso: andrea.glorioso@eeas.europa.eu
Aymeric Dupont: aymeric.dupont@eeas.europa.eu
Chris Babel: cbabel@truste.com

Thank You!
Don't miss the next webinar in the Series, Five Things to CISO Needs to Know About Privacy, on October 15th.
See http://www.truste.com/insightseries for details of future webinars and recordings.
