Hillicon Valley: State officials share tech privacy concerns with Sessions | Senator says election security bill won't pass before midterms | Instagram co-founders leave Facebook | Google chief to meet GOP lawmakers over bias claims
German privacy regulator fines Adobe, others over defunct data transfer pact
A German privacy regulator has fined three companies for using an invalidated agreement between the U.S. and the European Union (EU) to transfer European citizens' data across the Atlantic, Reuters reports.
The Hamburg Data Commissioner announced on Monday that it has fined Adobe Systems, Punica, a juice maker that is a subsidiary of PepsiCo, and Unilever, an Anglo-Dutch consumer goods group.
The fines totaled 28,000 euros, or about $32,000, with the largest fine, 11,000 euros, or $12,500, going to Unilever.
The action is the first high-profile example to date of a European privacy regulator cracking down on companies still using the defunct agreement.
But onlookers have long suspected that any enforcement action would come from the privacy watchdog in Hamburg. Germany is seen to have one of the strictest privacy stances in Europe.
According to the Data Commissioner, the three firms continued to transfer personal data under the so-called Safe Harbor agreement after it was struck down by the EU high court last fall.
The three companies have since put into place alternative legal mechanisms.
"The fact that the companies have eventually implemented a legal basis for the transfer had to be taken into account in a favourable way for the calculation of the fines," said Johannes Caspar, the Hamburg Commissioner for Data Protection.
"For future infringements, stricter measures have to be applied."
For 15 years, companies in industries from hospitality to social media "self certified" under Safe Harbor that they met Europe's stricter privacy protections.
But after a complaint against Facebook wound up before the European Court of Justice, the high court determined that because of its surveillance practices, the U.S. could not be seen to adequately protect individuals' privacy - sacrosanct under the EU Charter.
Negotiators have reached a replacement deal, known as the Privacy Shield, but the pact has not yet been finalized and faces many of the same criticisms that dogged its predecessor.
The uncertainty has left many firms in a legal limbo. Supporters warn that absent a new deal, the future of the behemoth bilateral trade relationship between the U.S. and the EU - valued at $1 trillion in 2014 - will be endangered.