French DPA issues guidance and FAQs on Safe Harbor
The French Data Protection Authority (CNIL) has published guidance, including a set of frequently asked questions, to assist companies that are transferring personal data to the U.S. pursuant to the Safe Harbor framework.
The CNIL stated that the decision of the Court of Justice of the European Union (CJEU) invalidated the European Commission's decision on the adequacy of the protection provided by Safe Harbor. Consequently, companies can no longer rely on Safe Harbor to transfer personal data to the U.S.
The CNIL then met with other European data protection authorities within the Article 29 Working Party, calling upon the EU institutions and Member States to adopt a new legal framework allowing the transfer of personal data from the EU to the U.S. in accordance with the requirements set out by the CJEU by January 31, 2016.