EU privacy regulators give EU, US three months to find new data pact

Companies could face action from European privacy regulators if the European Commission and United States do not come up with a new system enabling them to shuffle data across the Atlantic in three months, the regulators said.

The highest European Union court struck down a system known as Safe Harbour used by over 4,000 firms to transfer personal data to the United States, leaving companies without alternatives scrambling to put new legal measures in place to ensure everyday business could continue. Under EU data protection law, companies cannot transfer EU citizens' personal data to countries outside the EU deemed to have insufficient privacy safeguards, of which the United States is one. EU data protection authorities meeting in Brussels to assess the implications of the ruling, said in a statement that they would assess the impact of the judgment on other data transfer systems, such as binding corporate rules and model clauses between companies. "If by the end of January 2016, no appropriate solution is found with the U.S. authorities and depending on the assessment of the transfer tools by the Working Party, EU data protection authorities are committed to take all necessary and appropriate actions, which may include coordinated enforcement actions," the watchdogs said.