I recently wrote about the Safe Harbor ruling and outlined the associated consequences as well as dangers for companies.
Shortly afterwards, I was slightly surprised about the new edition of this agreement.
Things are now getting serious. As Spiegel Online reported yesterday, Hamburg’s top data protectionist (Johannes Caspar) is asking the firms of Adobe, Punica and Unilever to pay out – with others to follow. A press release from the “Hamburg Representative for Data Protection and Freedom of Information” offers insight into the current ongoing process.
For many companies, this “theoretical problem of data protection” has now taken on the practical nature of fines to the tune of up to 300,000 Euro.
The companies of Adobe, Punica and Unilever transferred personal data to the USA on the basis of the Safe Harbor agreement. The fact that this agreement was deemed invalid in October last year by the European Court of Justice leaves many companies to this day in the cold, including the three showcase candidates.
The responsible authorities took up their task as a result. They identified affected companies and called for improvements. A generous grace period of several months was included. Although the aforementioned companies ultimately proved themselves cooperative, they initially let the grace period expire. Johannes Caspar, however, gave short shrift and initiated fine proceedings.
At this opening of fine proceedings, the companies then suddenly gave in.
“… all three companies have adapted their transfer basis during the fine proceedings …”,
said Johannes Caspar. For this reason the fines were to be significantly reduced. Caspar, however, did not miss the chance to wag a critical finger. In future, companies can expect significantly more severe penalties, should they ignore the Safe Harbor agreement.
What to do?
The question is simple in the case of the three companies. Pay the fine money involved.
For all others the rule is to avoid the unpleasant contact with state data protection authorities. Simplest of all would be by using preventive measures. Personal data should be stored and processed legally securely. The safest way is to directly opt for a provider with headquarters and site of data storage in Germany.