Germany’s privacy watchdog is preparing to fine three companies for relying on the now-defunct Safe Harbor agreement to handle European Union citizens’ data, according to Fortune.
Two additional firms are also under investigation over their trans-Atlantic data transfers, Fortune reports, citing local media.
The Hamburg data protection authority (DPA) hasn’t released the names of the companies yet, but agency head Johannes Caspar said they were “large international companies.”
Germany is seen as one of the toughest nations in Europe on privacy, and onlookers have long suspected that Safe Harbor enforcement action would begin there.
The U.S. and the EU earlier this month reached a new deal that will permit Facebook, Google and thousands of other companies to continue legally handling Europeans’ personal data. The deal replaced the original 2000 Safe Harbor agreement, which was struck down by the European high court in October over privacy concerns.
Europe’s various data privacy regulators are currently reviewing the new agreement, but some onlookers are skeptical that the replacement agreement will satisfy the high court’s ruling — or more hardline DPAs.
A working group of the 28 DPAs gave companies a breather on enforcement until the beginning of this month and as a whole are expected not to take any action until the group has determined if the new agreement satisfies privacy concerns.
But Germany has long been one of Europe’s more enthusiastic regulators. Casper’s office announced immediately following the high court ruling that it would be proactively investigating U.S. firms with headquarters in Germany — including Facebook and Google.
Casper’s office told Fortune that the companies now facing fines are all subsidiaries of U.S.-based global corporates. It declined to identify in what sector they operate.