We have reported in earlier alerts about the issues with the collapse of the Safe Harbor Scheme for EU-US data transfers. You can see our earlier alerts and films here. We also reported in our alert on 9 February on the start of Safe Harbor enforcement with the CNIL’s action in France against Facebook.
Unconfirmed reports in Germany suggest that enforcement is underway in at least two German Länder.
Germany has a state (Land) rather than federal system of privacy and each Land has its own regulator. Reports suggest that the Hamburg regulator, Dr Johannes Caspar has said that he will commence penalty proceedings against three companies and he was actively investigating a further two. This action is in keeping with the position paper that the Hamburg Commissioner for Data Protection and Freedom of Information published on 5 November 2015 in which he said that the period for requesting information would last until the end of January 2016 and that
legal provisions for the enforcement of the decision will be taken from February 2016. This means, in particular, the issue of prohibition orders or imposition of fines. ’
Reports also suggest that at least one other Land, Rheinland-Pfalz, is also starting enforcement proceedings. The Rheinland-Pfalz Commissioner, Professor Dr Dieter Kugelmann also said on 10 February that Safe Harbor transfers could not be valid and that it was too early to evaluate whether the new EU-US Privacy Shield could be a replacement.
As we said in our alert in January businesses have to have a plan to cope with the loss of Safe Harbor. There are some tips in our January alert as to what that plan might look like.
Jonathan Armstrong and André Bywater are lawyers with Cordery in London where their focus is on compliance issues.
Jonathan Armstrong, Cordery, Lexis House, 30 Farringdon Street, London, EC4A 4HH
Office: +44 (0)207 075 1784
André Bywater, Cordery, Lexis House, 30 Farringdon Street, London, EC4A 4HH
Office: +44 (0)207 075 1785