Return to Safe Harbour?

On 6 October 2015, the European Court of Justice ruled that the ‘safe harbour’ agreement for data flows between the European Union and the United States was invalid. The safe harbour agreement was set up some 15 years ago to facilitate easier transfer of data from the EU to the US and had previously allowed some 4,000 US companies storing customer data to self-certify their adherence to the scheme.

Following a complaint from an Austrian citizen, Maximilian Schrems, regarding the way Facebook processes personal data, the ECJ held the safe harbour principles to be invalid. The ECJ provided a number of reasons for its decision, including that the agreement did not require all organisations entitled to access EU personal data to comply with EU privacy laws. The ECJ also expressed concerns that US authorities were able to gain access to personal data originating from the EU on national security grounds. While the ruling does not necessarily render the transfer of data between the EU and the US unlawful, it means that companies can no longer rely on the safe harbour agreement and must instead, for example, implement model contract clauses with each recipient of personal data prior to disclosing such personal data outside of the EU.

From an Australian perspective, trans-border flows of information are particularly fraught with issues. Organisations based in Australia that use US service providers to provide IT services, and particularly cloud-based services, may be impacted by the decision if data is hosted on US and/or EU servers and those service providers had previously relied on the scheme. Additionally, many believe that the decision likely further cements the EU’s position that Australian privacy laws do not ensure an ‘adequate level’ of protection of personal data transferred from the EU for the purposes of EU privacy law, by virtue of the fact that Australian laws provide that an act done or practice engaged in outside Australia does not breach an Australian Privacy Principle if the act or practice is required by a law of a foreign country.

Now that the dust has at least begun to settle on the decision, attention is being paid to a new arrangement being put in place to replace the now-quashed safe harbour agreement. In fact, the European Commission’s vice-president, Andrus Ansip, has indicated that a new agreement will need to be in place ‘within the next three months’. The Commission has also recently issued guidance to businesses now caught out by the ECJ’s ruling, which confirms that the invalidity of the safe harbour agreement ought not necessarily prevent the transfer of data from the EU to the US, as other mechanisms are available.

In the coming weeks, US Senators are expected to vote on the Judicial Redress Act, which could give EU citizens the same legal rights as Americans if their data is mishandled within the US. This will likely at least go some way to appeasing the concerns of the European Commission.

We will, of course, keep you abreast of further developments.

Author:
Jack Evans
Lawyer
61 2 9291 6178
jack.evans@maddocks.com.au

 
