Information Commissioner's Office
ICO response to ECJ ruling on personal data to US Safe Harbor
The ICO has issued a statement in response to the European Court of Justice ruling about the legal basis for the transfer of personal data to businesses that are members of the US Safe Harbor.
Deputy Commissioner David Smith said yesterday:
“Today’s ruling is clearly significant and it is important that regulators and legislators provide a considered and clear response. This ruling is about the legal basis for the transfer of personal data to businesses that are members of the US Safe Harbor. It does not mean that there is an increase in the threat to people’s personal data, but it does make clear the important obligation on organisations to protect people’s data when it leaves the UK.
“The judgment means that businesses that use Safe Harbor will need to review how they ensure that data transferred to the US is transferred in line with the law. We recognise that it will take them some time for them to do this.
“It is important to bear in mind that the Safe Harbor is not the only basis on which transfers of personal data to the US can be made. Many transfers already take place based on different provisions. The ICO has previously published guidance on the full range of options available to businesses to ensure that they are complying with the law related to international transfers. We will now be considering the judgment in detail, working with our counterpart data protection authorities in the other EU member states and issuing further guidance for businesses on the options open to them. Businesses should check the ICO website for details over the coming weeks.
“Concerns about the Safe Harbor are not new. That is why negotiations have been taking place for some time between the European Commission and US authorities with a view to introducing a new, more privacy protective arrangement to replace the existing Safe Harbor agreement. We understand that these negotiations are well advanced."
Latest News from
Information Commissioner's Office
Joint statement on global privacy expectations of Video Teleconferencing companies27/10/2021 13:20:00
In July 2020, six data protection and privacy authorities from Australia, Canada, Gibraltar, Hong Kong SAR, China, Switzerland and the United Kingdom jointly signed an open letter to video teleconferencing (VTC) companies. The letter highlighted concerns about whether privacy safeguards were keeping pace with the rapid increase in use of VTC services during the global pandemic, and provided VTC companies with some guiding principles to address key privacy risks.
ICO warning after Scottish charity reveals personal data in email error25/10/2021 12:25:00
The Information Commissioner’s Office (ICO) is urging organisations to revisit their bulk email practices after failures by HIV Scotland led to a £10,000 fine.
Blog: Providing practical data protection guidance to the media sector13/10/2021 14:25:00
A blog by Elizabeth Denham, Information Commissioner
ICO response to DCMS consultation “Data: a new direction”07/10/2021 12:20:00
Foreword from Elizabeth Denham CBE, UK Information Commissioner.
Statement on mandatory vaccination and COVID status check schemes ahead of their introduction in Scotland and Wales29/09/2021 14:10:00
The UK Information Commissioner, Elizabeth Denham, commented ahead of the introduction of mandatory vaccination and COVID status checks in Scotland and Wales
Statement in response to use of ICO corporate charge card28/09/2021 15:20:00
An ICO spokesperson released a statement in response to use of ICO corporate charge card
Statement in response to use of ICO corporate charge card27/09/2021 16:43:00
Statement given in response to use of ICO corporate charge card.
International progress for domestic benefit: why the ICO convened a G7 meeting on data flows20/09/2021 16:15:00
A blog by Elizabeth Denham, UK Information Commissioner