Title: Safe harbour not so safe anymore: the European Court of Justice Judgment C-362/14 (Maximillian Schrems versus Data Protection Commissioner)

Authors: Christina M. Akrivopoulou

Addresses: Greek Refugee Appeals Authority, Kanellopoulou Avenue 2, PC 101 77, Athens, Greece

Abstract: The European Union has adopted over the years a most protective legal framework regarding privacy and data protection with Directive 95/46/EC holding a primary role. Under the current EU legislation companies and organisation operating in the European Union cannot transfer personal data to third countries unless they can guarantee that the EU standards of protection will be followed. With the Safe Harbor Decision (2000/520/EC) of the European Commission, a set of principles processed between the US Department of Commerce and the European Union provided the framework for US companies to certify that they meet the EU requirements for personal data protection. Nevertheless, most recently, the European Court of Justice (C-362/14) responding to a preliminary question referred by the High Court of Ireland regarding Facebook's processing of personal data in the US, considered the Safe Harbor Decision as invalid due to the fact that it does not required all organisations and more specifically US federal government agencies to work with to comply with its requirements. Therefore, according to the European Court of Justice, the Safe Harbor Principles cannot provide with the sufficient guarantees.

Keywords: personal data protection; Safe Harbor Principles; privacy protection; privacy preservation; European Commission; European Court of Justice; EU legislation; Facebook; USA; United States.

DOI: 10.1504/IJHRCS.2016.076057

International Journal of Human Rights and Constitutional Studies, 2016 Vol.4 No.1, pp.85 - 91

Published online: 22 Apr 2016 *

Full-text access for editors Access for subscribers Purchase this article Comment on this article