Skip to main content

Data Protection: USA

Question for Department for Digital, Culture, Media and Sport

UIN HL1614, tabled on 14 September 2017

To ask Her Majesty's Government what steps they have taken to implement the judgment and findings of the European Court of Justice in Schrems v Data Protection Commissioner.

Answered on

22 September 2017

In October 2015, the European Commission's adequacy decision on the Safe Harbor Agreement was invalidated by the Court of Justice of the EU (CJEU) in the Schrems case. The Court ​considered that the third country concerned must ensure an adequate level of protection safeguarded by its domestic law or international commitments, and that the reliability of such a system, in light of that requirement, is founded essentially on the establishment of effective detection and supervision mechanisms in relation to the protection of fundamental rights. ​Consequently, the Court found that the Safe Harbor Agreement failed to comply with the requirements of Directive 95/46/EC and established Human Rights law. The judgment was addressed to the Commission. The EU-US Privacy Shield decision has since replaced the Safe Harbor agreement, in providing a basis for personal data transfers from the US to the US companies certified under the scheme.

The Information Commissioner has provided regular updates to the status of the Privacy Shield and remains an active member of the Article 29 Working Party Privacy Shield annual joint review team.