After the Court of Justice of the European Union declared the EU-U.S. Safe Harbor Framework invalid in October 2015, multinational companies with employees in the EU are facing the question how to legally transfer personal data. Current developments in the process of the proposed EU-U.S. Privacy Shield result in further uncertainty for companies relying on transatlantic data flows.
You know how you wait for ages for a bus to come (well, we do in Europe) and then three come along at once? Well it’s a little like that in the data privacy arena right now, as far as transfer of international personal data is concerned, anyhow. For years, there has been a reasonably steady and fairly consistent position from the various bodies responsible for this complicated and often confusing area of law, but in the last few weeks we have been hit with a significant change overnight and we are all left wondering where to get off.