EU Safe Harbour

Updated by Christain Brown on Oct 3, 2015

EU Safe Harbour

U.S.-EU-Safe-Harbor Small.jpeg

The European Court of Justice (ECJ) has cited that the Safe Harbour Agreement that exists between EU countries and the USA is not legitimate and therefore does not provide adequate protections for EU data transfer to the USA.

What exactly is Safe Harbour?

  • The term refers to an agreement struck by the EU and US, that came into effect in 2000.
  • It was designed to provide a "streamlined and cost-effective" way for US firms to get data from Europe without breaking its rules.
  • The EU forbids personal data from being transferred to and processed in parts of the world that do not provide "adequate" privacy protections.
  • So, to make it easier for US firms - including the tech giants - to function, Safe Harbour was introduced to let them self-certify that they are carrying out the required steps.
  • More than 5,000 US companies make use of the arrangement to facilitate data transfers.

Why was it challenged?

  • In 2013, whistleblower Edward Snowden leaked details about a surveillance scheme operated by the NSA called Prism.
  • It was alleged the agency had gained access to data about Europeans and other foreign citizens stored by the US tech giants.
  • Privacy campaigner Max Schrems asked the Irish Data Protection Commission to audit what material Facebook might be passing on.
  • However, the watchdog declined saying the transfers were covered by Safe Harbour.
  • When Mr Schrems contested the decision, the matter was referred to the European Court of Justice.
  • The case reflected a clash between two cultures: in the EU, data privacy is treated as a fundamental right; in the US, other concerns are sometimes given priority.

Below is the message released from CenturyLink legal / marketing that we are able to share. We have been provided an interim fix for some specific situations in the UK on deals we are negotiating, but until legal / compliance have decided on a permanent fix we should reach out to our deal attorneys for specific client situations in the first instance.

“With the recent decision of the European Court of Justice invalidating the U.S. Safe Harbor Certification Program, CenturyLink is reviewing its options for an alternative compliance framework. CenturyLink fully intends to retain the administrative, technical, and physical security controls currently deployed to protect customer data and support its global compliance programs as it examines other frameworks that will continue to enable data transfers across its global Hybrid IT services. We will keep all customers informed as we choose a path forward in response to the Court’s decision.”

Background information on the topic or recent news, please follow;

Additional questions, please go to Brian Hughes or your deal attorney.

Customer Support

Can’t find what you need?
Give us a call.


M – F, 8am to 6pm