The Article 29 Working Party of European Data Protection supervisors has now published its response to the European Court’s ruling that the US-EU Safe Harbor agreement can no longer be relied upon when exporting personal data from the European Economic Area.
Like the UK Information Commissioner’s earlier statement, they recognise that data exporters and US service providers will need some time to make alternative arrangements. The Working Party note that discussions between the EU and US authorities on a revised Safe Harbor are already taking place but say that if a satisfactory conclusion is not reached by the end of January 2016 then enforcement measures may be required. In the meantime, national Data Protection Regulators are expected to provide guidance on alternative measures that organisations exporting personal data may consider, if they are not already using them.
Information about Jisc’s continuing work with cloud providers, including a note for institutions on the legal situation as of 14th October, can be found in the relevant community groups, linked from our earlier post.
