I’ve recently returned from a week in German visiting our businesses there. So I thought I might say a few words about Safe Harbor and Germany
Recent statements from some of the German privacy regulators have people worried that Safe Harbor is no longer a legal mechanism to transfer personal data to the US from the EEA. This is not accurate.
The German regulators have stated that personal information must receive adequate protection. Companies that sign-up for Safe Harbor, but that do not implement the commitments operationally, are not providing adequate protection. This is a far cry from declaring Safe Harbor an invalid transfer mechanism, which Germany could not do even if it wanted to since it has been adopted by the EU Commission.
So . . . if you are transferring data to the US via Safe Harbor, make sure your operations, or those of your data processor, are truly implementing the Safe Harbor principles! If you are, then you are compliant with the law!