US House Passes Judicial Redress Act to Facilitate Safe Harbor Negotiations

Background

Following a September 23, 2015 opinion by Advocate General (AG) Bot that the US-EU Safe Harbor framework, which provided for the "safe" transfer of personal data from the EU to the US, did not provide sufficient guarantees for the protection of the rights of EU citizens, the Court of Justice of the European Union (CJEU) invalidated the Safe Harbor framework. In reaching its conclusion that the Safe Harbor framework failed to adequately protect privacy, the CJEU cited what it deemed to be the Safe Harbor's shortcomings—including its lack of a judicial redress procedure for EU citizens. See our previous articles on the AG opinion and subsequent CJEU decision for more information.

EU and US authorities have been renegotiating the Safe Harbor framework for the past two years, however, the CJEU's decision places additional pressure on both sides to finalize negotiations. On October 16, 2015, the Article 29 Working Party, an influential advisory group made up of representatives from the data protection authority of each EU Member State, injected additional urgency into the talks when it announced that a new data sharing agreement should be in place by the end of January 2016, otherwise "coordinated enforcement actions" against companies unlawfully transferring data may be considered.

The Judicial Redress Act

In response to the CJEU decision, on October 20, 2015 the US House of Representatives passed the Judicial Redress Act (H.R. 1428). The bill would give citizens of designated close US allies the same legal rights enjoyed by US citizens under the Privacy Act of 1974, including the power to sue certain US federal agencies for mishandling their personal information.

"The sudden termination of the Safe Harbor framework strikes a blow to US businesses by complicating commercial data flows. If we fail to pass the Judicial Redress Act, we risk similar disruption to the sharing of law enforcement information," said US Representative Jim Sensenbrenner (R-Va.), one of the bill's sponsors.

What now?

By addressing the CJEU's concern about the lack of judicial redress for EU citizens, the House's passage of the bill is viewed by some as a critical step toward establishing a new data protection and privacy rights framework with the EU. However, given that the Privacy Act of 1974 contains a number of exceptions for law enforcement and intelligence actions, some have cautioned that the House bill may not go far enough in addressing the concerns outlined in the CJEU decision. The bill now moves to the Senate for approval.

Impact on companies

Although the House's passage of the Judicial Redress Act offers hope to thousands of companies anxious for a new US-EU data sharing agreement, businesses which previously relied on the Safe Harbor framework should continue reevaluating their options for transferring data from the EU in light of the Working Party's stated January 2016 deadline. Additionally, and as discussed in previous alerts, companies operating in more than one Member State should monitor data protection authorities' responses to these developments and consider whether alternative transfer methods, such as Model Contract Clauses, might be appropriate for their business.

This content is provided for general informational purposes only, and your access or use of the content does not create an attorney-client relationship between you or your organization and Cooley LLP, Cooley (UK) LLP, or any other affiliated practice or entity (collectively referred to as “Cooley”). By accessing this content, you agree that the information provided does not constitute legal or other professional advice. This content is not a substitute for obtaining legal advice from a qualified attorney licensed in your jurisdiction and you should not act or refrain from acting based on this content. This content may be changed without notice. It is not guaranteed to be complete, correct or up to date, and it may not reflect the most current legal developments. Prior results do not guarantee a similar outcome. Do not send any confidential information to Cooley, as we do not have any duty to keep any information you provide to us confidential. This content may be considered Attorney Advertising and is subject to our legal notices.