About Us

We work collaboratively with our clients to build strong, sustainable relationships. Our team is committed to delivering consistent high standards of service, and we understand the importance of accessibility. Working with us, you'll enjoy open communication, meaning well scoped, properly resourced and effectively managed matters.

Learn More

Latest Case

Advising global cryptocurrency exchange operators on entry into Australian market July 31, 2018

The rise in popularity and demand for cryptocurrency trading has resulted in a number of cryptocurrency exchange operators expanding into different countries, including Australia, to create a global brand. In Australia, new laws and regulations … Continued

Latest News

Maddocks advises French firm on major construction company acquisition August 6, 2018

Monday 6 August 2018 Law firm Maddocks recently advised French firm Bouygues Construction on its acquisition of leading Australian construction and fitout business AW Edwards. The acquisition is a key part of Bouygues’ continued expansion … Continued

Latest Article

Do your construction documents conform with the new Ministerial Directions and Instructions for Public Construction Procurement? August 15, 2018

Are you a state government department or public body which procures public construction works and services? Are you in the process of determining which form of contract will be most appropriate for your procurement to issue … Continued

Return to Safe Harbour?

On 6 October 2015, the  European Court of Justice ruled that the ‘safe harbour’ agreement for data flows between the European Union and the United States was invalid. The safe harbour agreement was set up some 15 years ago to facilitate easier transfer of data from the EU to the US and had previously allowed some 4,000 US companies storing customer data to self-certify their adherence to the scheme.

Following a complaint from an Austrian citizen, Maximillian Schrems regarding the way Facebook processes personal data, the ECJ held the safe harbor principles to be invalid. The ECJ provided a number of reasons for its decision, including that the agreement did not require all organisations entitled to access EU personal data to comply with EU privacy laws. The ECJ also expressed concerns that US authorities were able to gain access to personal data originating from the EU on national security grounds. While the ruling does not necessarily render the transfer of data between the EU and the US unlawful, it means that companies can no longer rely on the safe harbour agreement and must instead, for example, implement model contract clauses with each recipient of personal data prior to disclosing such personal data outside of the EU.

From an Australian perspective, trans-border flows of information are particularly fraught with issues. Organisations based in Australia that use US service providers to provide IT services, and particularly cloud-based services, may be impacted by the decision if data is hosted on US and/or EU servers and those service providers had previously relied on the scheme. Additionally, many believe that the decision likely further cements the EU’s position that Australian privacy laws do not ensure an ‘adequate level’ of protection of personal data transferred from the EU for the purposes of EU privacy law, by virtue of the fact that Australian laws provide that an act done or practice engaged in outside Australia does not breach an Australian Privacy Principle if the act or practice is required by a law of a foreign country.

Now that the dust has at least begun to settle on the decision, attention is being paid to a new arrangement being put in place to replace the now quashed safe harbour agreement. In fact, the European Commission’s vice-president, Andrus Ansip, has indicated that that a new agreement will need to be in place ‘within the next three months’. The Commission has also recently issued guidance to businesses now caught out by the ECJ’s ruling which confirms that the invalidity of the safe harbour agreement ought not necessarily prevent the transfer of data from the EU to the US, as other mechanisms are available.

In the coming weeks, US Senators are expected to vote on the Judicial Redress Act, that could give EU citizens the same legal rights as Americans if their data is mishandled within the US. This will likely at least go some way to appeasing the concerns of the European Commission.

We will, of course, keep you abreast of further developments.

Author:   
Jack Evans 1cm colour Jack Evans
Lawyer
61 2 9291 6178
jack.evans@maddocks.com.au

 

On 6 October 2015, the  European Court of Justice ruled that the ‘safe harbour’ agreement for data flows between the European Union and the United States was invalid. The safe harbour agreement was set up some 15 years ago to facilitate easier transfer of data from the EU to the US and had previously allowed some 4,000 US companies storing customer data to self-certify their adherence to the scheme.

Following a complaint from an Austrian citizen, Maximillian Schrems regarding the way Facebook processes personal data, the ECJ held the safe harbor principles to be invalid. The ECJ provided a number of reasons for its decision, including that the agreement did not require all organisations entitled to access EU personal data to comply with EU privacy laws. The ECJ also expressed concerns that US authorities were able to gain access to personal data originating from the EU on national security grounds. While the ruling does not necessarily render the transfer of data between the EU and the US unlawful, it means that companies can no longer rely on the safe harbour agreement and must instead, for example, implement model contract clauses with each recipient of personal data prior to disclosing such personal data outside of the EU.

From an Australian perspective, trans-border flows of information are particularly fraught with issues. Organisations based in Australia that use US service providers to provide IT services, and particularly cloud-based services, may be impacted by the decision if data is hosted on US and/or EU servers and those service providers had previously relied on the scheme. Additionally, many believe that the decision likely further cements the EU’s position that Australian privacy laws do not ensure an ‘adequate level’ of protection of personal data transferred from the EU for the purposes of EU privacy law, by virtue of the fact that Australian laws provide that an act done or practice engaged in outside Australia does not breach an Australian Privacy Principle if the act or practice is required by a law of a foreign country.

Now that the dust has at least begun to settle on the decision, attention is being paid to a new arrangement being put in place to replace the now quashed safe harbour agreement. In fact, the European Commission’s vice-president, Andrus Ansip, has indicated that that a new agreement will need to be in place ‘within the next three months’. The Commission has also recently issued guidance to businesses now caught out by the ECJ’s ruling which confirms that the invalidity of the safe harbour agreement ought not necessarily prevent the transfer of data from the EU to the US, as other mechanisms are available.

In the coming weeks, US Senators are expected to vote on the Judicial Redress Act, that could give EU citizens the same legal rights as Americans if their data is mishandled within the US. This will likely at least go some way to appeasing the concerns of the European Commission.

We will, of course, keep you abreast of further developments.

Author:   
Jack Evans 1cm colour Jack Evans
Lawyer
61 2 9291 6178
jack.evans@maddocks.com.au