Michelle Reed Speaks with The Cybersecurity Law Report on ECJ’s Data Privacy Treaty Ruling

Michelle Reed, a litigation partner at Akin Gump, has been quoted in The Cybersecurity Law Report article “Dangerous Harbor: Analyzing the European Court of Justice Ruling” pertaining to that court’s ruling invalidating a 15-year-old data privacy treaty that allowed companies to transfer personal data from the European Union to the United States. The European Court of Justice (ECJ), as the article reports, found that the United States does not ensure adequate protection for personal data.

In light of the ruling, Reed said that if companies have highly sensitive information they may “consider obtaining consents to the data flow or storing certain types of data in countries deemed adequately protected.” Two available options are Model Contracts and Binding Corporate Rules, which can help companies develop a plan for alternatively covering certain kinds of data flows, but Reed said each of those is problematic because “data transferred to the U.S. would still be subject to the privacy concerns about the NSA surveillance program,” which is what led to the ECJ opinion.

Third-party vendors, Reed said, “will also likely face a flurry of requests for model contracts and will have to be as responsive as possible to ensure proper data flows” as a result of the ruling. Reed also predicted that with neither side inclined to shut off those data flows, “a compromise will have to be reached expeditiously.” She added, the ECJ’s “rejection of the Safe Harbor has already put negotiations for a Safe Harbor 2.0 on a fast track.”