European Court of Justice Invalidates Safe Harbor

By Michael Klazema on 10/14/2015

On October 6, the European Court of Justice (ECJ) ruled that the Safe Harbor Framework fails to provide adequate protections to European Union (EU) citizens, a move that dismantles the 15-year-old framework and replaces it with much uncertainty about the practical implications of cross-border data transfer.

While the ruling had not been expected for three months, the ECJ acted swiftly to endorse the opinion issued just two weeks ago by the European High Court, who agreed with Austrian Facebook member Maximillian Shrems that Safe Harbor does not protect EU citizens from mass surveillance by US intelligence agencies. 

The ECJ invalidated Safe Harbor partly because it places national security and law enforcement interests above the fundamental right to privacy, “so that United States undertakings are bound to disregard, without limitation, the protective rules laid down” by Safe Harbor.  The ECJ further noted that data review by intelligence agencies is based on no objective or measurable criteria and that EU citizens have no avenue to challenge the use of data held about them.

The judgement puts increased pressure on EU Data Protection Authorities (DPAs), as they now will be responsible for reviewing every citizen complaint regarding data transfer to the United States. 

What This Means to Clients and Their Candidates:

While the ECJ ruling has sent the business and privacy communities into a swirl of uncertainty, it is uniformly agreed that it unlikely that DPAs will suddenly come knocking.  There is currently bi-partisan legislation before Congress that would provide remedies to EU citizens with privacy act complaints and negotiations on Safe Harbor 2.0 have been underway for the past two years.  We expect extended debate on the topic.

It is important to note the ECJ judgement does allow for data transfer to countries without adequate privacy protections under certain exceptions. The most significant one for clients using international services is where “the data subject has given his consent unambiguously to the proposed transfer.” Of the 28 EU countries that have adopted legislation implementing the EU data protection directive, all but Romania have explicitly adopted this exception.

Therefore, suggests that organizations obtain explicit, written consent from the data subject to information about the data subject being sent to the United States.

What You Should Do:

Tag Cloud
Recent Posts

Latest News

  • July 17 — Hourly Employee Screening: What Makes It Unique and Important infographic?Modern employers conduct background checks on most of the people they hire. These checks are most often used to screen full-time salaried workers. Part-timers and hourly employees are typically less likely to face a thorough background check or even go through a background screening at all. According to a survey conducted by, 67 percent of employers screen all of their part-time employees, compared to 83 percent of their full-time employees.
  • July 17 A Kentucky school district recently decided to stop paying for volunteer background checks. Going forward, volunteers will be expected to cover the cost of their own checks, which is $10 per person.
  • July 12 Seeking fresh employees for businesses, some states seek to reduce the number of people denied employment based on old or nonviolent crimes.
  • July 11 Multinational aerospace company - Safran Group - trusts to screen new hires, The products they manufacture can have major implications for aircraft safety and worldwide security. As such, the company needs to be extremely careful and deliberate about who it trusts to join the organization.
  • July 11 Recently cited for driving too fast? Here’s what a speeding ticket will do to your background check report.
  • July 10

    Could your business be vulnerable to employee theft? Protect yourself with more thorough background checks.

  • July 09 While Social Security Numbers aren’t required for criminal history checks, they can be beneficial. Here’s why.
  • July 05

    In June, Chicago Public Schools came under fire after a Chicago Tribune piece accused the district of not protecting students from sexual abusers. The district has announced plans to run background checks on all employees.

  • July 04 — How important are volunteer background checks? Do they even matter?
    Organizations that rely in part on volunteer labor consistently find themselves asking these questions. The assumption is usually that volunteer background checks are less important than background checks for full-time or part-time employees. According to a CareerBuilder survey from 2016, 72 percent of employers conduct background checks on all employees. A parallel statistic isn’t even available for volunteer checks. They are less common – and less valued.
  • July 03 #MeToo harassment allegations continue to reshape workplaces in every industry. As a result, many companies are looking to safeguard themselves from liability.