The Safe Harbour agreement signed in 2000 allowed the subscribing companies to transfer personal data from the European Union to the United States because they were rated as compliant with the data protection standards.
But all this has changed now that the agreement has been declared invalid as a result of a lawsuit against Facebook and other companies filed by the Austrian activist Max Schrems regarding the transfer of his data.
Now the companies whose data centres are on US soil are no longer considered safe to transfer personal data from the EU and don’t have the legal umbrella that allowed them to merely report the file to the Spanish Data Protection Agency with no further requirements.
In fact the companies have until the end of January 2016 to readjust to this new situation and the alternatives are:
- Obtain an authorization from the Director of the Spanish Data Protection Agency.
- Obtain informed consent from every single person whose data is affected (exceptional cases).
- Migrate all data to another supplier whose data centres are in Europe.
In this regard, we would like to inform you that our servers and all our customers’ data are hosted in Spain and comply with the current laws so they are not affected by the termination of the Safe Harbour agreement.
By Daniel Santos García,
lawyer and partner of Santos Abogados Asociados