“Invalidator” strikes back: The harbour has never been safe

The Grand Chamber ruled that Commission decision 2000/520 on “safe harbour” was invalid since Article 1 thereof failed to comply with the requirements laid down in Article 25(6) of Directive 95/46 read in the light of the Charter; the Commission had exceeded the power which was conferred upon it in the same provision in adopting Article 3 of the decision; and Articles 1 and 3 and the decision of the Commission in its entirety were accordingly invalid. The Grand Chamber made critical observations about the safe harbour framework. The legal effects of this ruling should be clarified. In addition, the findings of the Grand Chamber on the powers of national data protection authorities and on transfers of personal data to the US have far-reaching legal implications for organisations in both the US and the EU.1