In October 2015, the Court of Justice of the European Union (“CJEU”) held that transfers of personal data from Europe to the United States made under the so-called US Safe Harbor scheme were invalid as those transfers did not ensure an adequate level of protection under European data protection law.
In the aftermath of that decision, the Article 29 Working Party, the organisation that represents the data protection authorities of the European Union, set 31 January 2016 as the deadline by which the representatives of the European Union and the United States had to find solutions to address the significant risks identified by the CJEU with respect to the transfer of personal data to the United States. At the time, the Article 29 Working Party made it clear that if no appropriate solution was reached with the United States by the deadline, European data protection authorities were committed to take all necessary and appropriate actions, which might include taking coordinated enforcement action. That deadline has now expired.