Update regarding the Safe Harbour Principles

 in IT-recht

Judicial Redress Act of 2015 passed House and goes to Senate

In my recent news bulletin of 26 October on privacy I informed you that the Working Party has called on the Member States and European institutions to negotiate with American authorities in order to come up with a solid solution regarding the invalidation by the European Court of Justice of the Safe Harbour Principles which rendered the transfer of personal data to the U.S. relying on the Safe Harbour Principles unlawful.
One of the issues identified by the European Court of Justice ruling of 6th October in the Maximillian Schrems vs Data Protection Commissioner case (C-362-14), was that the invalidated decision of the European Commission did not identify whether it is possible for European citizens to seek legal protection in the U.S. if they believe their privacy to be violated.

A bill addressing the extension of the U.S. Privacy Act civil remedies to citizens of certified states has passed House of Representatives last Tuesday (20th October) and has entered its final stage by going to the Senate.

Provided the Bill passes Senate and the U.S. Attorney General designates – as to be expected – the European Union as ‘covered country’, the Judicial Redress Act will enable citizens of the European Union to bring a civil action against certain American government agencies to the same extent as American citizens are entitled to under the U.S. Privacy Act of 1974 for purposes of accessing, amending, or redressing unlawful disclosures of records maintained by such American government agencies. Under the provision that the European Union is a ‘covered country’ at the time of transfer of the respective record(s). The United States District Court of the District of Columbia shall have exclusive jurisdiction over such civil claims.

Although this does not yet address the regulation in the U.S. which in general makes massive and indiscriminate surveillance possible of all personal data transferred from European Union to the U.S. and/or stored by an American organization within the European Union without the required purpose limitation, proportionality and subsidiarity, the Bill once enacted is an important step towards a solution to repair the possibility of transfer of personal data from the European Union to the U.S.

If you would like to know more about the above or any other privacy issue, please contact mr. I.M. Tempelman.

Read summary of Judicial Redress Act of 2015 here

Recente berichten
  • 11 mei 2021

    INPLP article May 11, 2021

    Wouter Huisman
    Bob Cordemeyer
    Fine of €475,000 for Booking.com reporting data breach 22 days to late. According to a press release of April 6 the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) imposed a €475,000 fine on Booking.com because the company took too long to report a data breach to the DPA into compliance with Article 33 GDPR.
    Lees verder
  • 13 april 2021

    Het doolhof van de wet- en regelgeving op het gebied van de zieke werknemer: deel 1.

    Marion Hagenaars
    Wie bepaalt: de bedrijfsarts of het UWV? Verzuimbegeleiding en re-integratie De werkgever is verantwoordelijk voor de verzuimbegeleiding en re-integratie van de zieke werknemer. De werknemer is verplicht om aan zijn re-integratie mee te werken. In de Arbeidsomstandighedenwet is bepaald dat de werkgever zich hierbij moet laten bijstaan door een gecertificeerde arbodienst of bevoegde bedrijfsarts. De
    Lees verder
  • 17 februari 2021

    440,000 EUR fine for Dutch hospital OLVG for access by unauthorized personnel to medical records

    Bob Cordemeyer
    On 11 February 2021 the Dutch Data Protection Authority imposed a fine of EUR 440.000, = on Amsterdam hospital OLVG for having no sufficient measures in place to prevent access to medical records by unauthorized personnel and therefore infringing article 32 (1) GDPR. An investigation was started after the DPA received several complaints of potential violations.
    Lees verder

Plaats een reactie