On 6 October 2015, the European Court of Justice deemed the "Safe Harbour" agreement that allowed for the transfer of personal data from the EU to the US to be invalid. The "Safe Harbour" agreement was concluded in 2000 between the European Commission and the US government and essentially guarantees protection of personal data transferred by American companies from the EU to the US. In practice, it allowed companies (such as Facebook, Google, Apple etc.) to self-regulate the protection of EU citizens' data in carrying out exports to US data centres. With the "Safe Harbour" agreement being declared invalid, these companies will now have to: (i) enter into model agreements with the entity exporting the data; and (ii) require the consent of national authorities in order to export personal data from EU member countries to the US. Although these agreements are usually standard, getting them approved before transferring data will be time-consuming, as well as a financial and administrative burden.
In Macedonia, the export of personal data to EU/EEA member countries could be carried out freely and does not require the consent of the Directorate for Personal Data Protection ("Directorate"). However, exports of personal data to the US have always been subject to prior confirmation that the country would provide adequate level of protection of the personal data. With the "Safe Harbour" agreement in place, the national authority could have confirmed the level of protection based on self-regulation of US companies. However, based on the ruling of the European Court of Justice, it is expected that transfers of personal data to the US will now be subject to thorough checks to ensure an adequate level of protection of the data upon export.