European Court of Justice to Decide About Binding Character of Safe Harbor Status

In a recent court ruling, an Irish court referred to the European Court of Justice ("ECJ") the question of whether the Commission's July 2000 decision on the U.S. safe harbor status is binding or whether the member states can conduct their own investigation in light of the factual developments since such decision. In essence, the issue concerns whether a company participating in PRISM (a U.S. government surveillance program) can still make use of its safe harbor status. Should the European Court of Justice hold that member states can conduct independent investigations, it would affect reliance by companies on a safe harbor status when transferring personal data to the United States.

European Court of Justice Clarifies Responsibilities of Internet Search Engines Regarding So-Called "Right to be Forgotten"

In a May 13 ruling, the ECJ recognized the application of the EU Data Protection Law to the activities carried out by search engines and clarified the responsibilities of these types of companies regarding the "right to be forgotten." On June 6, the Article 29 Working Party announced that it is analyzing the consequences of the ruling of the ECJ and might publish guidelines for consultation. (In reaction to the decision of the ECJ, Google has launched a web form to allow data subjects to request personal data to be removed from online search results. Information will disappear from searches made in Europe only.)

Negotiations of EU–U.S. Data Protection Umbrella Agreement

According to a statement of the European Commission in June, negotiations between the European Union and the United States on the conclusion of a Data Protection Umbrella Agreement to protect personal data transferred between the European Union and the United States for law enforcement purposes are reaching the final stage. The remaining stumbling block relates to the right of effective judicial redress for EU citizens not resident in the United States and the purpose limitation of the data sent to the United States. The former may be resolved soon, as the United States has announced legislative action on effective redress.

European Commission Finalizes Internal Security Strategy Report

On June 20, the European Commission finished its final implementation report on the Commission's Internal Security Strategy 2010–2014 regarding progress on increasing the levels of security in cyberspace.

Cloud Computing Interest Groups Communicate to European Commission Guidelines on Standardization of Service Level Agreements for Cloud Services

On June 26, the European Commission received Guidelines on standards for security and data protection for cloud computing services, prepared by a selected group of cloud computing providers and customers.

EDPS Provides Opinion on Internet Governance

On June 23, the European Data Protection Supervisor ("EDPS") adopted an opinion on a Commission Communication on internet policy and governance. The opinion provides the EDPS's views on the current debate around internet governance structures and processes, and it suggests actions that EU institutions can perform to influence such debate.

ENISA and Europol Sign Strategic Cooperation Agreement

On June 26, the European Union Agency for Network and Information Security ("ENISA") and Europol signed a strategic cooperation agreement to enhance cooperation between Europol, its European Cybercrime Centre, and ENISA in order to support the EU member states and the EU institutions in preventing and combating cybercrime.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.