German Data Protection Authority Fines Three Companies for U.S. Data Transfers

Client Alert | 2 min read | 06.08.16

In a press release of June 6, 2016, the Data Protection Authority (DPA) of Hamburg announced that three fining decisions it has issued against companies unlawfully relying on the invalidated “U.S.-EU Safe Harbor Framework” (Safe Harbor) have become final. The Hamburg DPA concluded that after the invalidation of the former “U.S.-EU Safe Harbor Framework” by the European Court of Justice in October 2015, the companies had failed to otherwise adequately ensure the protection of employee and customer data transferred from Europe to the U.S.

At least two of the companies fined are not typical “data-related” businesses: addressees of the fining decisions are consumer goods manufacturer Unilever (€ 11,000), software company Adobe Systems Inc. (€ 8,000), and fruit juice maker Punica, a subsidiary of PepsiCo Inc. (€ 9,000).

The fines issued are relatively low. However, Mr. Johannes Caspar, director of the Hamburg DPA, underlined that the fact that the companies had implemented standard contractual clauses (SCCs) after the start of the investigations, had been taken into account in favor of the companies when determining the amount of the fines. This confirms the need for companies who relied on Safe Harbor in the past, to make sure that they install other safeguards, in particular Standard Contractual Clauses.

However, the overall situation regarding the transfer of personal data from the EU to the U.S. remains uncertain. The draft “EU-U.S. Privacy Shield,” a recently drafted framework designed to replace the invalidated “Safe Harbor,” still needs to be approved by the Article 31 Committee in a binding opinion before it can be confirmed by the European Commission in an adequacy decision. In addition, the Standard Contractual Clauses are possibly also soon to be challenged before the ECJ based on an initiative of the Irish DPA, a process that may however take several years to play out.

At bottom, the underlying political issue of a clash between European fundamental rights and U.S. government mass surveillance activities remains. And according to many, only a change in the U.S. legal system with regard to surveillance practices could solve the issue, which is highly unlikely to occur.

In light of the above, for now, Standard Contractual Clauses are the best solution for personal data transfers from the EU to the US. In addition, companies should keep monitoring further developments. Crowell & Moring’s Privacy & Cybersecurity team will continue to closely monitor and provide updates on future developments.

Contacts

Jeffrey L. Poston
Partner
He/Him/His
- Washington, D.C.
  - D | +1.202.624.2775
anBvc3RvbkBjcm93ZWxsLmNvbQ==
Emmanuel Plasschaert
Partner
- Brussels
  - D | +32.2.282.4084
ZXBsYXNzY2hhZXJ0QGNyb3dlbGwuY29t
Jeane A. Thomas
Partner
- Washington, D.C.
  - D | +1.202.624.2877
anRob21hc0Bjcm93ZWxsLmNvbQ==
Frederik Van Remoortel
Partner
- Brussels
  - D | +32.2.282.1844
ZnZhbnJlbW9vcnRlbEBjcm93ZWxsLmNvbQ==

Insights

Client Alert | 5 min read | 12.12.25

Eleventh Circuit Hears Argument on False Claims Act Qui Tam Constitutionality

On the morning of December 12, 2025, the Eleventh Circuit heard argument in United States ex rel. Zafirov v. Florida Medical Associates, LLC, et al., No. 24-13581 (11th Cir. 2025). This case concerns the constitutionality of the False Claims Act (FCA) qui tam provisions and a groundbreaking September 2024 opinion in which the United States District Court for the Middle District of Florida held that the FCA’s qui tam provisions were unconstitutional under Article II. See United States ex rel. Zafirov v. Fla. Med. Assocs., LLC, 751 F. Supp. 3d 1293 (M.D. Fla. 2024). That decision, penned by District Judge Kathryn Kimball Mizelle, was the first success story for a legal theory that has been gaining steam ever since Justices Thomas, Barrett, and Kavanaugh indicated they would be willing to consider arguments about the constitutionality of the qui tam provisions in U.S. ex rel. Polansky v. Exec. Health Res., 599 U.S. 419 (2023). In her opinion, Judge Mizelle held (1) qui tam relators are officers of the U.S. who must be appointed under the Appointments Clause; and (2) historical practice treating qui tam and similar relators as less than “officers” for constitutional purposes was not enough to save the qui tam provisions from the fundamental Article II infirmity the court identified. That ruling was appealed and, after full briefing, including by the government and a bevy of amici, the litigants stepped up to the plate this morning for oral argument....

Client Alert | 8 min read | 12.11.25
Director Squires Revamps the Workings of the U.S. Patent Office
Client Alert | 8 min read | 12.10.25
Creativity You Can Use: CJEU Clarifies Copyright for Applied Art
Client Alert | 4 min read | 12.10.25
Federal Court Strikes Down Interior Order Suspending Wind Energy Development

View All Insights