Home News & Events News overview From Safe Harbor to Privacy Shield

Alwin van den Broek

Clinical Study Manager

February 29, 2016

From Safe Harbor to Privacy Shield

Since 2000, US companies were allowed to transfer data from the EU to the US, via the so-called “Safe Harbor”. However, we recently learned that it was justified to question whether this Safe Harbor was really as safe as the name implied.

Already in 2013 the European Commission identified shortcomings in this arrangement and set out 13 recommendations. While the Commission was assessing the Safe Harbor to ensure an adequate level of data protection, the Commission was overtaken by reality.

On October 6th 2015, the Court of Justice declared the Safe Harbor arrangement invalid, thereby fueling the need for a renewed and more robust regulatory framework for transatlantic data flows. Following this annulment, the EU data protection authorities, assembled in the Article 29 Working Party, discussed the first consequences at European and national level. On October 16th 2015, this Article 29 Working Party published a statement that if by the end of January 2016, no appropriate solution is found with the US authorities and depending on the assessment of the transfer tools by the Working Party, EU data protection authorities are committed to take all necessary and appropriate actions, which may include coordinated enforcement actions. It may be clear: Data Protection becomes serious business.

This statement worked out very well! On February 2nd 2016 a press release by the European Commission announced an agreement on a new regulatory framework to be developed for transatlantic data flows: Please welcome: The EU-US Privacy Shield. 

This new framework will include:

  • Strong obligations on companies handling Europeans’ personal data AND robust enforcement
  • Clear safeguards and transparency obligations on U.S. government access
  • Effective protection of EU citizens’ rights with several redress possibilities

Recommendation: Until this EU-Privacy Shield is formalized, please refer to this communication from the commission to the European parliament and the council on the Transfer of Personal Data from the EU to the United States of America under Directive 95/46/EC for future info.

By Alwin van den Broek

About the author

Alwin van den Broek Clinical Study Manager

Alwin has a special interest in the regulatory frame work and data privacy regulations.

November 17, 2017

Start Sooner, Run Fast, Finish Faster – The New York Marathon 2017

At Factory CRO we believe that physical fitness stimulates people to get the best out of themselves. Besides the positive energy, it increases company engagement and team spirit. In light of this philosophy, 12 Factory CRO runners successfully completed the...

Pre Market
May 8, 2019

Factory-CRO Group Bolsters Leadership Team, Solidifying Position as Leading Medical Device and Novel Technology CRO

May 08, 2019 17:00 AM Central European Time Bilthoven, Netherlands — Factory-CRO Group, a leading global contract research organization (CRO), is pleased to announce Sapna Hornyak as its new president and CEO and the appointment of Nick Thornton to chairman...

Pre Market
March 1, 2019

No-deal Brexit Scenario: What Will Happen With The Medical Device Industry?

With 30 March 2019 approaching, the possibility of a no-deal Brexit is still very likely. What happens if a no-deal Brexit occurs? At Factory-CRO we have been thinking a lot about that scenario. Below are six key areas to consider...

Pre Market