The UK privacy regulator has taken a more conciliatory approach to this week’s European Court of Justice ruling rendering the safe harbour agreement invalid, insisting it is not the only way companies can transfer sensitive information across the Atlantic.
While admitting that the ruling is “significant” the Information Commissioner’s Office maintains it is important regulators and legislators provide a considered response.
Deputy Commissioner David Smith said: “It does not mean that there is an increase in the threat to people’s personal data, but it does make clear the important obligation on organisations to protect people’s data when it leaves the UK.”
Smith added that businesses which use safe harbour will need to review how they ensure that data transferred to the US is transferred in line with the law. However, he softened the blow by adding: “We recognise that it will take them some time for them to do this.”
And he insisted that safe harbour is not the only basis on which transfers of personal data to the US can be made, as many transfers already take place based on different provisions.
“The ICO has previously published guidance on the full range of options available to businesses to ensure that they are complying with the law related to international transfers. We will now be considering the judgment in detail, working with our counterpart data protection authorities in the other EU member states and issuing further guidance for businesses on the options open to them. Businesses should check the ICO website for details over the coming weeks.”
Related stories
New ruling halts US data transfer
US firms hit by data transfer ruling
ECJ wrecks US tech giants data plans
Facebook hit by illegal data use claim
Facebook chief bigs up data privacy
Facebook defends record on data
