Safe Harbor

Ignoring the Judges

Data SH Imago
What next for data transfer?
  • Why it matters

    Why it matters

    A recent ruling technically made all transfers of personal data from the E.U. to the U.S. illegal. But few think this will ever really be enforced.

  • Facts


    • “Safe Harbor” refers to a legal agreement that had allowed U.S. web businesses to operate without complications in Europe.
    • This month the European Court of Justice declared “Safe Harbor,” to be invalid, but the majority of businesses haven’t changed a thing.
    • German data protection authorities have announced a three-month grace period. After this, they have threatened firms with €300,000 fines.
  • Audio


  • Pdf

What’s the use of a court ruling if everyone ignores it?

This is the dilemma facing Germany’s regional data protection authorities following a ruling by the European Court of Justice (ECJ) overturning the Safe Harbor agreement with the U.S.

Earlier this month judges ruled that transferring personal data to the U.S. – previously allowed under Safe Harbor – is now illegal. That’s because once it lands in U.S. servers, data is not sufficiently protected against government snooping.

In fact, the ruling should have immediately stemmed the flow of data to the U.S.

Yet it’s being roundly ignored in Germany – for now.

According to the Chambers of Industry and Commerce in two German states, North Rhine-Westphalia and Baden-Württemberg, few if any companies have reacted by stopping data flows.

At a meeting of German data protection authorities on Wednesday, most states agreed to observe a transition period.

During this period, companies are to look for alternatives business practices which avoid transferring data to the U.S. Only after this grace period will enforcement measures kick in, including possible fines of up to €300,000.

Want to keep reading?

Subscribe now or log in to read our coverage of Europe’s leading economy.