Karen H Bromberg, Partner
Duane A Cranston, Associate
The Safe Harbor Framework, an agreement which thousands of multinational companies used to transfer
personal data between the EU and the US without breaching the EU's strict data protection rules, was
invalidated last October by the EU Court of Justice (CJEU) in the Schrems case. Following the collapse of
this framework, many business entities entered into standard contractual clauses like Model Clauses and
Binding Corporate Rules (BCRs) to effect transatlantic transfers of personal data to the United States.
In an earlier alert, we opined that the CJEU's rationale for striking down the Safe Harbor Framework -
namely, the alleged large scale access to private data enjoyed by U.S. intelligence agencies - seemed at
least potentially applicable to Model Clauses and BCRs as well, and warned that companies relying on these
mechanisms should expect future legal challenges. It appears that time has come.
|