While EU regulators determine whether to adopt a new agreement
for transfers of personal data from Europe to the United States to
replace the invalid EU-U.S. Safe Harbor Framework, German data
protection authorities have not been idly twiddling their
Hamburg's data protection commissioner, the head of one of
16 Federal German data protection authorities ("DPA"),
announced in February that his agency is investigating
Hamburg-based subsidiaries of large U.S. companies engaging in
transfers of personal data of EU citizens to the U.S.
While the "EU-U.S. Privacy Shield" has been proposed
by the EU Commission as a replacement to the Safe Harbor Agreement
it is still under discussion and has not been formally adopted.
In the meantime, some U.S. companies may still be relying on the
defunct Safe Harbor Agreement to transfer personal data across the
Atlantic. After the Safe Harbor Agreement was declared invalid by
the EU Court of Justice last October, the Hamburg DPA started
investigating the legal bases for continued transfers of personal
data to the U.S.
According to German online media portal Spiegel
Online, the Hamburg data protection authority is
preparing to fine at least three of the 35 U.S. companies based in
Hamburg for continuing to rely on the invalid Safe Harbor agreement
as the legal basis for their transatlantic data transfers of
personal data, and it is investigating two more companies for the
same reason. According to information from Bloomberg BNA,
at least against one of the undisclosed U.S. companies will
definitely have a fine imposed by the Hamburg DPA. A fine for
unauthorized data transfers to the U.S. may amount to EUR 300,000
(around USD 340,000). It is possible that other German DPA's
will follow Hamburg's example and open investigations against
U.S. companies subject to their jurisdiction.
If your company is conducting transatlantic data transfers, in
particular from subsidiaries in Germany, take note of these
investigations and consider alternatives to reduce the risk that
your company will be the next target. You can read about
alternative solutions for transatlantic data transfers in our
previous post on
U.S.–EU Safe Harbor.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
In this article Filippo Noseda examines the impact of the Common Reporting Standards (CRS), based on practical examples of data transfer and data breaches and analysed in the light of general tax law principles.
Four years after the overhaul of European data protection laws began, the final text of the new General Data Protection Regulation (GDPR) was approved in Spring 2016 and the new rules will come into effect on 25 May 2018.
This update is dedicated to covering the latest legislative developments affecting the way data is managed and protected, as well as reporting on the most recent news governing data breaches and industry developments.
The market of the so-called "connected vehicles" has been considerably growing since 2015. According to a recent study by AlixPartners, 78 million of connected vehicles will be commercialized in 2018, generating a EUR40 billion turnover.
Some comments from our readers… “The articles are extremely timely and highly applicable” “I often find critical information not available elsewhere” “As in-house counsel, Mondaq’s service is of great value”
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).