Skip to content

Brought to you by

Dentons logo

Privacy and Cybersecurity Law

Coverage and commentary on developments in data protection.

open menu close menu

Privacy and Cybersecurity Law

  • Home
  • About Us

New guidance from the Polish DPA: a warning for all Safe Habor (ex)participants

By Dariusz Czuchaj
December 1, 2015
  • Europe
  • New and Proposed Laws
Share on Facebook Share on Twitter Share via email Share on LinkedIn

The Polish DPA has recently issued a statement to the effect that all companies which previously relied on Safe Harbor program must be able to demonstrate a valid legal basis – as set out in the Polish Data Protection Act – to legally transfer personal data to the USA.

In the view of the DPA, the ‘grace period’ (lasting until the end of January 2016) mentioned in the recent statement of the A29 Working Party does not allow data controllers to transfer personal data to the USA without meeting at least one of the legal prerequisites set out in the Polish Data Protection Act (i.e. consent, performance of a contract, etc.)

The ‘grace period’, in the opinion of the Polish DPA, should be treated as the maximum point in time until which the data protection authorities of the Member States, as a rule, will not initiate steps to enforce implementation of the Schrems’ judgment.

Concluding, the DPA states that if it receives a complaint from a data subject, administrative proceedings will be initiated to discover if the legal prerequisites were met. If the data controller is unable to show valid grounds for transfer, the transfer will be deemed illegal.

What may happen ?

In that case the DPA has certain measures available under Polish law, including issuing a prohibition order to stop data transfer or filing a motion to the public prosecutor to start a criminal investigation into such illegal disclosure of data.

Our recommendation

We recommend that data controllers implement data transfer agreements based on standard contractual clauses as soon as possible, as Polish law recognizes this approach as providing a lawful instrument to cover data transfers.

Share on Facebook Share on Twitter Share via email Share on LinkedIn
Subscribe and stay updated
Receive our latest blog posts by email.
Stay in Touch
Dariusz Czuchaj

About Dariusz Czuchaj

Dariusz Czuchaj, attorney at law, counsel at Dentons’ Warsaw office, is a member of the Intellectual Property and Technology practice team.

All posts Full bio

RELATED POSTS

  • Europe

Europe under Review : Part 6 of 8 – International Transfers

This week in our series of “back to privacy basics”, we look at the issue of international transfers of personal […]

By Simon Elliott
  • Cloud Computing
  • Data Transfers
  • Enforcement
  • Europe
  • United States

FTC steps up enforcement action

Last week, the FTC announced that it had settled with a gaming company that falsely claimed to be certified under […]

By Nick Graham
  • Data Breach
  • Enforcement
  • Europe
  • Marketing, Cookies & Spam
  • United Kingdom

ICO Release Annual Report

By Nick Graham

About Dentons

Dentons is designed to be different. As the world’s largest law firm with 20,000 professionals in over 200 locations in more than 80 countries, we can help you grow, protect, operate and finance your business. Our polycentric and purpose-driven approach, together with our commitment to inclusion, diversity, equity and ESG, ensures we challenge the status quo to stay focused on what matters most to you. www.dentons.com

Dentons boilerplate image

Twitter

Categories

  • Accountability
  • Asia Pacific
  • Canada
  • Cloud Computing
  • Consumer Protection
  • Cybersecurity
  • Data Breach
  • Data Transfers
  • Employee Privacy
  • Enforcement
  • Europe
  • General
  • Government Information
  • Health Information Privacy
  • Latin America
  • Marketing, Cookies & Spam
  • New and Proposed Laws
  • Privacy Notices
  • Privacy Rights
  • Record Retention
  • Smart Cities
  • United Kingdom
  • United States

Subscribe and stay updated

Receive our latest blog posts by email.

Stay in Touch

Dentons logo

© 2022 Dentons

  • Legal notices
  • Privacy policy
  • Terms of use
  • Cookies on this site