0370 270 6000

already registered?

Please sign in with your existing account details.

need to register?

Register to access exclusive content, sign up to receive our updates and personalise your experience on brownejacobson.com.

Privacy statement - Terms and conditions

Forgotten your password?

'Safe Harbor' - not safe enough for cloud computing?

1 August 2012

Can you rely on Safe Harbor Certificates when transferring personal data to the USA? Not according to a recent EU opinion.

Companies planning to transfer personal data to the USA (e.g. when switching to a US based cloud computing provider) need to make sure they don’t breach their obligation not to transfer personal data outside the EEA without an adequate level of data protection.

Many US based cloud providers will claim that they can demonstrate this by holding 'Safe Harbor' certification.

A recent Article 29 Working Party Opinion raises concerns for those relying on this, making the point that companies should have adequate contractual protection in place as well as checking that the certification is both current and complied with.

This is sensible given the USA’s dominance of the sector, but will often place additional burden on buyers of cloud computing services.

We recently recorded some training on issues to look out for when moving to cloud computing, which you’re welcome to view here.

Related opinions

Do you collect personal data from children, whether deliberately or by accident? If so you’d better read this…

If you provide goods or services online that might be of interest to children then you’re going to want to go through the ICO’s “Age Appropriate Design Code of Practice” - a code requiring minimum standards of any online service aimed (or which is likely to interest) children.

View blog

Marriott International: a look behind the ICO’s £99m fine and what this means for corporate acquisitions

Last month, the Information Commissioner’s Office (ICO) announced notice of its intention to fine (NOI) Marriott International, Inc. £99m for infringements of the GDPR.

View blog

Cyber risks – are businesses really ready?

The Hiscox Cyber Readiness report, a review of 3300 organisations, will be a stark warning for CEO’s of SME’s in the UK and in Europe.

View blog

Landlord and tenant inspections - getting the evidence right

In Rogerson v Bolsover District Council (2019) the Court of Appeal found against a local authority landlord pursuant to the Defective Premises Act 1972 following a finding of an inadequate inspection regime.

View blog

Richard Nicholas

Richard Nicholas

Partner and Responsible for In House Lawyers

View profile

Mailing list sign up

Select which mailings you would like to receive from us.

Sign up