Why has the safe harbor mechanism turned out to be unreliable for personal data transfers to the USA

Abstract

The survey deals with the practical issues raised by the decision of the CJEU dated 6 Oct. 2015 on case C-362/14 (Maximillian Schrems v. Data Protection Commissioner, Ireland) that declared the Safe Harbor Agreement invalid. It is also a follow-up to two analyses published in the "Contemporary Law" Journal in 2012 ("Transfer of Personal Data to Third Countries Providing an Adequate Level of Protection" and "New Rules Regulating the Transfers of Personal Data to Third Countries Providing an Adequate Level of Protection"). This survey focuses on the questions of preconditions under which the transfers of personal data to the USA are legally possible at present, and whether it would be reasonable to expect a new version of the Safe Harbor Agreement in the near future. The recent years' practice of the Bulgarian Personal Data Protection Commission related to the Safe Harbor Agreement has also been examined.