0370 270 6000

already registered?

Please sign in with your existing account details.

need to register?

Register to access exclusive content, sign up to receive our updates and personalise your experience on brownejacobson.com.

Privacy statement - Terms and conditions

Forgotten your password?

'Safe Harbor' - not safe enough for cloud computing?

1 August 2012

Can you rely on Safe Harbor Certificates when transferring personal data to the USA? Not according to a recent EU opinion.

Companies planning to transfer personal data to the USA (e.g. when switching to a US based cloud computing provider) need to make sure they don’t breach their obligation not to transfer personal data outside the EEA without an adequate level of data protection.

Many US based cloud providers will claim that they can demonstrate this by holding 'Safe Harbor' certification.

A recent Article 29 Working Party Opinion raises concerns for those relying on this, making the point that companies should have adequate contractual protection in place as well as checking that the certification is both current and complied with.

This is sensible given the USA’s dominance of the sector, but will often place additional burden on buyers of cloud computing services.

We recently recorded some training on issues to look out for when moving to cloud computing, which you’re welcome to view here.

Related opinions

Flexible working, childcare and indirect sex discrimination – important reminder

The courts have long recognised that, on a societal level, women bear a greater burden of childcare responsibilities than men which can make it more difficult for women to comply with employer requirements for flexible working (known as the ‘childcare disparity’).

View blog

Headline points of the 2021 Budget for employers & the self-employed

Yesterday’s announcement already seems to be a seminal moment on the road to recovery from the impacts of the pandemic. Here are some of the headline points.

View blog

Do you collect personal data from children, whether deliberately or by accident? If so you’d better read this…

If you provide goods or services online that might be of interest to children then you’re going to want to go through the ICO’s “Age Appropriate Design Code of Practice” - a code requiring minimum standards of any online service aimed (or which is likely to interest) children.

View blog

Beards: Smart or Not?

In Sethi v Elements Personnel Services Limited, the Employment Tribunal has considered the implications of dress codes on men.

View blog

Richard Nicholas

Richard Nicholas

Partner and Responsible for In House Lawyers

View profile

Mailing list sign up

Select which mailings you would like to receive from us.

Sign up