Poland’s DPA says enforcement against ex-Safe Harborites is a possibility

Poland’s Data Protection Commissioner, Dr Edyta Bielak-Jomaa, has issued a statement which says that in the absence of a new framework for EU-US data transfers, the authority is prepared to consider any complaints in this regard, even if they were submitted before 1 February 2016.

The DPA (GIODO) says that transfers based on the old Safe Harbor arrangement are illegal as per the Schrems decision by the European Court of Justice. However, Standard Contractual Clauses and Binding Corporate Rules can still be used, as per Art. 47-48 of Poland’s 1997 Act on the Protection of Personal Data.

However, the EU national DPAs are now evaluating, as a group, the validity of these methods under the proposed ‘EU-US Privacy Shield’. The group will evaluate the documentation relating to the Privacy Shield as soon as it becomes available, and aims to give its opinion on whether the arrangement satisfies the requirement of ‘essentially equivalent’ protection at its meeting at the end of March.

EU Article 29 Data Protection WP statement on Privacy Shield