International Health Research after Schrems v. Data Protection Commissioner

Abstract

On October 6, 2015, in Schrems v. Data Protection Commissioner, the European Court of Justice, the European Union's highest court, held that the fifteen-year-old Safe Harbor Framework Agreement with the United States was invalid. Under the agreement, about forty-five hundred American companies each year self-certified to the U.S. Department of Commerce that they were in compliance with the essential privacy protections of the European Union, and therefore it was permissible for entities in the European Union to send personal data to these American companies. According to the court, because some American companies were making the personal data of E.U. citizens available to U.S. government agencies, such as the National Security Agency (NSA), the fundamental privacy interests of E.U. citizens were not being protected. As a result of this court decision there has been considerable speculation about what, if any, effect the case has on international collaboration in health research, in particular, the sharing of personal data by E.U. researchers with their U.S. colleagues.