German DPAs announce they wouldn’t authorize data transfers to US based on binding corporate rules or data transfer agreements

After the recent decision by the ECJ which gave back to the EU data protection authorities the right to examine whether data transfers violate EU privacy rules despite compliance with Safe Harbor, which was in fact abolished, the  WP29 offered some practical suggestions to businesses reminding that “Standard Contractual Clauses and Binding Corporate Rules can still be used” for international data transfers. See here for more information on these alternatives.

However, on October 26, 2015, the German data protection authorities of the federal and state governments (Datenschutzbehörden des Bundes und der Länder – Datenschutzkonferenz) published a joint position paper making companies aware that they are currently not issuing new authorizations for data transfers to the USA on the basis of binding corporate rules or data transfer agreements.

The German DPAs’ joint position paper is available (in German) at https://www.datenschutz.hessen.de…

For more information, Francesca Giannoni-Crystal

Follow us on& Like us on