Ding dong, Safe Harbor is (effectively) dead…

Posted · Add Comment

As expected, the Court of Justice of the European Union (“CJEU“) has declared EU-US Safe Harbor protocol to be invalid.

The implications of this judgment are potentially wide-ranging and still being digested, and the precise parameters of the impact is expected to become clearer as additional guidance is provided by EU regulators.  Initial responses from Silicon Valley (including Microsoft, AirBnB and Facebook, as reported recently by the BBC) have been robust – from Microsoft’s “For…enterprise cloud customers, we believe the clear answer is “yes” they can continue to transfer data by relying on additional steps and legal safeguards we have put in place,” to AirBnB’s “this ruling does not have significant impact on us.

As well as the household names above, many pre-employment background screening companies, HireRight included, have in the past relied on Safe Harbor to effect transfers of data from the EU to the US.  However, like many other companies, HireRight’s position is that Safe Harbor is not the only legal means that may be relied upon for such transfers to remain valid.  For example, if a HireRight client uses HireRight’s standard disclosure forms, then express consent is obtained from their EU-screened candidates authorizing the transfer of their personal data outside of the EEA; HireRight also has historically incorporated EU Model Clauses into their services agreements when requested.

For the future and as companies await further guidance, the Safe Harbor 2.0 negotiations continue, though there is no real visibility as to timescale for likely finalisation.  What is certain, is that transfers of personal data between the EU and the US will continue, and regulators will be expecting organisations that historically have relied on Safe Harbor to put in place alternative solutions and to ensure that these flow down through the data processing chain.

HireRight considers itself to be in a strong position to respond swiftly to these changes, and will work with its EU Data Controller clients to facilitate compliance with the new data transfer regime as it develops.

HireRight

HireRight is here to help guide you through the biggest screening challenges so you can focus on what’s important to you; attracting top talent. HireRight provides employment background screening services to organisations of any size, in every industry, and nearly anywhere.

More Posts

Follow Me:
TwitterFacebook


The HireRight Blog is provided for informational purposes only and should not be construed as legal advice. Any statutes or laws cited in this article should be read in their entirety. If you or your customers have questions concerning compliance and obligations under United States or International laws or regulations, we suggest that you address these directly with your legal department or outside counsel.

Comments are closed.