As we reported in our October 2015 edition of the Isle of Man Regulatory Update, the Court of Justice of the European Union (CJEU) ruled on 6 October 2015 (the Schrems case – Case C-362/14) that organisations cannot rely on the European Commission approved Safe Harbor scheme when transferring personal data from the European Union (EU) to the United States of America (US).

Background

The EU’s Data Protection Directive 95/46/EC (Directive) provides that personal data may only be transferred to a country outside the European Economic Area (EEA) if that country ensures an adequate level of protection for the data. This corresponds to the “Eighth Data Protection Principle” as it is set out in the Isle of Man’s Data Protection Act 2002. The European Commission has certified that a number of non-EEA countries do provide “adequate protection” and the Isle of Man is one of these jurisdictions (so called “adequacy decisions”). In relation to the US, the Commission developed so called “Safe Harbor” arrangements whereby US companies could be certified as providing adequate protection. It was a self-certification scheme operated by the US Federal Trade Commission and provided a US company had a Safe Harbor certification, the transfer of personal data to it was permitted and complied with the terms of the Directive.

Safe Harbor arrangements had come under increased scrutiny and criticism following Edward Snowden’s revelations in 2013 about US security agencies accessing personal data, all of which culminated in the CJEU’s decision in the Schrems case.

The Safe Harbor provisions underpinned a number of commercial arrangements and transfers between the US and the EU and it has been a difficult few months for many organisations to put in place replacement provisions. The other mechanisms to allow compliance with the Directive, such as use of EU Model Contracts and Binding Corporate Rules, still apply post the CJEU’s decision in the Schrems case. However, since the decision, the European Commission has been trying to develop a replacement to the Safe Harbour provisions and it announced the new arrangement for transatlantic data flows on 2 February 2016 – the EU-US Privacy Shield.

Share
Twitter LinkedIn Email Save as PDF
More Publications
15 Nov 2022

Insurance and reinsurance in the Isle of Man: Overview

A Q&A guide to insurance and reinsurance in the Isle of Man. Reproduced from Practical Law with the ...

3 Nov 2022

Significant Judgment for Isle of Man Fund Managers

A rethink of exclusion clauses in fund agreements may be needed after the Isle of Man’s appeal cou...

Contributors: Garry Manley
25 Oct 2022

An update to Isle of Man Trust Law

In the week that the Trust and Trustees Bill 2022 goes for its second reading (25 October 2022), it ...

27 Sep 2022

Similar but Different

While the basic features of the trust remain, there are some notable differences in how trusts can b...

25 Jul 2022

Balancing Regulatory and Data Protection Compliance

This article considers data protection compliance in the context of financial services regulatory co...

Contributors: Claire Milne WS
30 Jun 2022

Getting into the Weeds: Isle of Man Regulation of Global Cannabis Investments

The global cannabis industry has grown rapidly in recent years as a number of jurisdictions have lib...

Contributors: Sophie Corkish
24 Feb 2022

Welcoming Fintech Innovation in the Isle of Man

The Isle of Man Financial Services Authority (IOMFSA) has published online support for fintech innov...

25 Nov 2021

Regulatory Approach to ESG across the Crown Dependencies

New requirements may require investment products to display a label reflecting their sustainability ...

25 Nov 2021

The International Comparative Legal Guide to Gambling 2022 – Isle of Man Chapter

This chapter was first published in The International Comparative Legal Guide to: Gambling 2022, by ...

Contributors: Sophie Corkish
30 Jul 2021

Fighting international fraud

First published in New Law Journal, July 2021. Appleby partners Anthony William and Jared Dann an...

Contributors: Jared Dann, Claire Corkish