The transfer of personal data is an integral part of relocation services. There is an obligation to protect this personal data and maintain compliance with national and international data protection legislation.
Data protection law is particularly stringent in the European Union (EU) and includes strict rules on how personal data, which originates in the EU, must be handled when it is transferred to a non-EU country. For data transfers to the US, a program called Safe Harbor allowed accredited companies to receive personal data in the US, free of the restrictions that would normally apply to international data transfers from the EU.
However, on October 6th 2015, the European Court of Justice declared Safe Harbor invalid. Because of this ruling, companies (including Dwellworks) must now establish an alternative legal basis for transferring personal data from the EU to the US, which is compliant with EU data protection laws. The solution we have adopted is to incorporate EU compliant data protection clauses into all of our client contracts.
As you may know, on February 2, 2016, the European Commission and the US government announced a new framework called the EU-US Privacy Shield that will replace Safe Harbor. A final version of the EU-US Privacy Shield will be released in the coming weeks. However, it is important to note that the EU-US Privacy Shield must still advance through several regulatory hurdles before it is made official, and some anticipate that it may encounter legal challenges.
Dwellworks will continue to monitor the EU-US Privacy Shield as well as updates to European data protection laws and will make adjustments to contract clauses as necessary.