On January 28, 2015, the German conference of data protection commissioners hosted a European Data Protection Day event called Europe: Safer Harbor for Data Protection? – The Future Use of the Different Level of Data Protection between the EU and the US.
At the conference, the speakers discussed the validity of the U.S.-EU Safe Harbor Framework. Previously, in 2013, the German data protection commissioners stated that they would review whether to suspend data transfers made from Germany to the U.S. pursuant to the U.S.-EU Safe Harbor Framework. During the conference, it was revealed that the data protection commissioners initiated administrative proceedings against two U.S. companies in the German states of Berlin and Bremen with respect to their data transfers made pursuant to the U.S.-EU Safe Harbor Framework. At this time, the identities of the two U.S. companies are unknown. In addition, details are murky regarding the nature of the administrative proceedings, the theory of law being used by the commissioners to stop the data transfers, and the underlying facts that led to the administrative proceedings. The conference panels also discussed the comprehensive mass surveillance by U.S. intelligence agencies from a fundamental rights perspective, as well as these U.S. intelligence agencies’ access to information regarding EU data subjects.
We will update this blog post as we become aware of additional details.