A Collection is a selection of features, articles, comments and opinions on any given theme or topic. It allows you to stay up‑to‑date with what interests you most.
Login here to access your saved articles and followed authors.
We have sent you an email so you can reset your password.
Sorry, we had a problem.
Tags related to this article
Published 6 June 2016
On 6 June 2016 the Data Protection Authority of Hamburg (the “DPA”) announced that, following a review of 35 international organisations based in Hamburg, it fined 3 companies for unlawful transfers of personal data from the EU to the United States.
The 3 companies in question are Adobe – fined EUR 8,000, Punica – fined EUR 9,000 and Unilever – fined EUR 11,000. Whilst the fines could have been anything up to EUR 300,000, it is believed that these companies faced lower fines because they transitioned their business practices during the review period and implemented EU standard contractual clauses or "Model Clauses", which were found to be an acceptable alternative to Safe Harbour. Although organisations should note that, in common with the Irish data protection authority, the DPA has called for further scrutiny and review of Model Clauses as a basis for EU-US transfer.
The DPA has indicated that proceedings involving other organisations are on-going and it seems that the DPA will penalise unlawful transfers more harshly in the future.
The DPA’s approach has not come as a surprise for those who have been following the developments around Safe Harbour and Germany’s promise to audit cross-Atlantic data transfers following the Schrems decision in October 2015 by the Court of Justice of the European Union which invalidated the EU-US Safe Harbour framework, however, these fines place even greater emphasis on the importance of putting in place alternative mechanisms for the transfer of personal data from the EU to the US.
Organisations should ensure that they have reviewed all of their data processing activities which entail a transfer of data out of the EU to the US and that an adequate protection measure is in place for that transfer, the best of which is currently Model Clauses.
To read the DPA’s press release, please click here (German).
Shehana Cameron Perera, Lorraine Ekong, Jade Kowalski, Rhiannon Webster, Ceri Fuller, Khurram Shamsee, Christopher Air, Sophie Devlin
Aleksandar Dimitrov, Neal Pal
Rhiannon Webster, Charlie Christie
Hans Allnutt, Mark Anderson, Gregory Bautista, Anjali Das, Kieran Doyle, Bastian Finkel
Hans Allnutt, Rhiannon Webster
Hans Allnutt, Patrick Hill, Laura Stewart, Lorraine Ekong
Lorraine Ekong, Hans Allnutt
Hans Allnutt, Camilla Elliot
Hans Allnutt, Patrick Hill
Hans Allnutt, Rhiannon Webster, Patrick Hill