1. Home
  2. |Insights
  3. |What You Should Know About the Changing U.S.-EU Safe Harbor Agreement

What You Should Know About the Changing U.S.-EU Safe Harbor Agreement

Client Alert | 2 min read | 05.05.14

The July 2000 Safe Harbor agreement between the United States and Europe concerning cross-border data flows is one of the key regulatory structures governing how organizations can collect, store, move, and use the massive amount of personal data generated in our interconnected world. Fourteen years after its inception, the agreement is under increasing strain from the rapid pace of technological innovation, high-profile breaches of consumer data, and the continued fallout from the Edward Snowden revelations. The EU and U.S. are in the process of updating the original agreement to reflect these new concerns. The implications for organization data operations and privacy policies could be significant, creating new regulatory structures and demanding new procedures and safeguards. 

With this in mind, Crowell & Moring would like to provide our clients with regular updates on the negotiations, and how emerging policies might affect current practices. You are receiving this e-mail as an existing client of the firm that participates in the Safe Harbor program; as such we thought you might be interested in receiving these updates. If you would like to opt out from future Safe Harbor communications, please click here.

Why and How Is Safe Harbor Changing?

The U.S. and Europe have evolved different conceptions of privacy for a host of regulatory, political, legal, and consumer expectation issues. These differences were exacerbated by the revelations of former NSA contractor Edward Snowden. Those revelations, combined with EU-U.S. trade negotiations, rapid changes in technology, and (EU) citizens' expectations have led to a reassessment of the program.

In November 2013, the European Commission put forward 13 separate recommendations to promote "the continuity of data protection rights of Europeans when their data is transferred to the US." Among the recommendations raised by the Commission is greater transparency requiring companies to disclose privacy policies not only to federal regulators, but also to the public at large, and the Department of Commerce to become more active in publicly flagging companies that are not in full compliance with the agreement.

A second subset of the recommendations seeks to make redress and enforcement easier for aggrieved Europeans by allowing better access to alternative dispute resolution bodies and proposing suspensions for noncomplying organizations, inspections of self-certifying companies, and aggressively investigating false claims of adherence to the Safe Harbor.

Finally, the Commission wants the national security exception in the Safe Harbor to be narrowly drawn and that companies provide information as to when and how they respond to requests from law enforcement and national security agencies.

In March, the European Parliament issued a resolution to suspend the Safe Harbor agreement due to the Snowden revelations. Though nonbinding, the resolution adds political pressure on the Commission to strengthen Safe Harbor regulations. The resolution was followed by the release of additional recommendations from the Article 29 Data Protection Working Party to the Commission for inclusion in the ongoing negotiations between the EU and U.S. However, the Article 29 Working Party also recommended the suspension of the Safe Harbor program if the current negotiations do not lead to a positive outcome. It is important for our clients participating in the Safe Harbor program to be informed about potential changes to allow time to adopt measures to ensure continued EU-U.S. cross-border data processing operations. Where appropriate, we will also link this to the ongoing discussions about the new general EU data protection framework.

Insights

Client Alert | 6 min read | 03.26.24

California Office of Health Care Affordability Notice Requirement for Material Change Transactions Closing on or After April 1, 2024

Starting next week, on April 1st, health care entities in California closing “material change transactions” will be required to notify California’s new Office of Health Care Affordability (“OHCA”) and potentially undergo an extensive review process prior to closing. The new review process will impact a broad range of providers, payers, delivery systems, and pharmacy benefit managers with either a current California footprint or a plan to expand into the California market. While health care service plans in California are already subject to an extensive transaction approval process by the Department of Managed Health Care, other health care entities in California have not been required to file notices of transactions historically, and so the notice requirement will have a significant impact on how health care entities need to structure and close deals in California, and the timing on which closing is permitted to occur....