Obtaining consent to transfer EU customer data to the U.S.
On 6 October 2015, the European Court of Justice (ECJ) ruled that the Commission's adequacy decision on the EU-US Safe Harbour arrangement is invalid.
(see judgment pdf)
This ruling has invalidated the existing Safe Harbor Framework, which allowed the transfer of data between the EU and the U.S. Privacy regulators in the EU have indicated that they will investigate transfers of customer data from the EU to the U.S. that do not comply with EU privacy requirements.
As your Ecommerce data centers may be located within the United States, you need to inquire with your ecommerce provider where your client's data is transferred
to, processed and held. When a European customer proceeds through your checkout, their information is transferred to these data centers for processing.
As a result, it is recommended that you obtain your customers' consent to the transfer of their information to your Ecommerce data centers in the U.S.
This can be done through a notice for all EU customers on the checkout page of your store. The U.S. and EU have indicated that they are close to agreeing
on a replacement for the Safe Harbor Framework, which will be known as the "EU-US Privacy Shield". As negotiations between the U.S. and EU continue
to develop, the requirement to obtain EU customer consent to data transfer may change. We are following the situation closely and will post any changes.