German MEP Jan Philipp Albrecht and activist Max Schrems criticised the new ruling, as they said the Commission could take a “tour of Luxembourg” (where the European Court of Justice is located).  Vera Jourova, a Member of the European Commission responsible for consumer protection, said she was convinced that an agreement could be reached by the end of February.  Many Europeans have called for a mechanism for individual European citizens to file complaints about the use of their data, as well as a transparency system to ensure that the data of European citizens does not fall into the hands of the US secret services.  The Article 29 group acted on this request and stated that it would not be a further delay, until March 2016, to decide on the consequences of the Commission`s new proposal.  The European Commission`s Director of Fundamental Rights, Paul Nemitz, explained at a conference in Brussels in January how the Commission would decide on the adequacy of data protection.  The Economist predicts that it will be more difficult for the Court of Justice to make it more risky once the Commission has adopted a strengthened “adequacy decision”.  Data protection advocate Joe McNamee summed up the situation by pointing out that the Commission had announced agreements prematurely and had thus lost its right to negotiate.  At the same time, the first legal disputes began in Germany: in February 2016, the Hamburg Data Protection Authority was preparing the dispute of three companies that relied on Safe Harbour as a legal basis for their transatlantic data transfers, and two other companies were investigated.  On the other hand, a reaction was immediate.  The Safe Harbor Agreement between the EC and the US government essentially promised to protect the data of EU citizens when they are transferred to the US by US companies. The Safe Harbour Privacy Principles was developed between 1998 and 2000.
They should prevent private organizations in the European Union or the United States that store customer data from accidentally revealing or losing personal data. U.S. companies could opt for a program and be certified if they stick to seven principles and 15 frequently asked questions and answers in accordance with the directive.  In July 2000, the European Commission (EC) decided that US companies that adhere to the principles and register their certification are allowed to transmit EU data to the United States.