Posted in EU Adequacy

EU Data Protection

An Honest Recap on Safe Harbor

By Eduardo Ustaran, CIPP/E

The recent vote at the European Parliament—by an overwhelming majority of 544 to 78 members, with 60 abstentions—calling for the immediate suspension of Safe Harbor has sent some powerful shockwaves across the business and legal communities in the EU and beyond. This should not have come as a surprise, given that the European Parliament has been very vocal in this respect for a while, but it is still a chilling reminder of the uncertainty surrounding the scheme—possibly the most widely relied upon mechanism to legitimise data flows between the EU and the U.S.

The big question that remains on the ground is whether EU-based organisations that rely on Safe Harbor as the legal basis for transferring data to either their own corporate group entities or service providers operating in the U.S. are doing the right thing or should be looking for alternatives.

More from Eduardo Ustaran


The Questionable Legality and Practicality of the EU’s Proposed “Anti-FISA” Clause

As it has been noted on these pages one of the tangible results of the Snowden revelations has been the (re)introduction of a provision in the EU’s proposed General Data Protection Regulation aiming to limit and control the transfer of personal data to authorities in third countries, the main concern motivating this initiative clearly being concerns regarding the transfer of personal data to U.S. intelligence and law enforcement authorities.

Originally, the European Commission had intended for such a provision to be included in Article 42 of the data protection reform proposal tabled in January 2012, but—if one chooses to believe the many press reports one the matter—due to intense lobbying pressure from the U.S. government, the provision was removed. That is, of course, not the full picture.


The Impact of PRISM on International Data Flows

By Eduardo Ustaran, CIPP/E

An exasperatingly awkward challenge affecting the current data globalisation process is the prohibition on exports of data that is present in a number of the world’s data privacy laws.  This is something that European organisations have had to live with since the mid-90s, and frustratingly, the trend is being extended to other jurisdictions. Disregarding the reality of Internet and mobile communications, some policy-makers and regulators insist on building some sort of physical or at least digital fortress around the data within their jurisdiction with the aim of preventing unwanted interferences. In the most extreme cases, international data flows are only allowed under the express authorisation of a national regulator that will seek to scrutinise the safeguards in place to the finest detail.

More from Eduardo Ustaran


Trade Law and Privacy Law Come Together

I think it is cool that at my law firm, Hogan Lovells, we have a former Ambassador from the EU to the U.S. and a former U.S. Trade Representative; but in my years at the firm, I never have had a chance to do any work with them.

Likewise, I work just down the hall from lawyers in our international trade group, and up to now, my interactions with them in my role as a leader of our Privacy and Information Management practice have been mostly social.

More from Christopher Wolf