Un-safe Harbor: is Safe Harbor an adequate means of protecting EU personal data transferred to the US?
The US Safe Harbor framework was developed in 2000 by the US Department of Commerce in collaboration with the European Commission (EC) to provide an adequate level of protection for EU businesses that transfer personal data to the US companies so as to enable them to comply with the data export requirements of the EU Data Protection Directive.
Under the framework, US businesses can self-certify on an annual basis that they will comply with a binding set of principles. Although the arrangement is voluntary, once a business signs up to the Safe Harbor register it assumes various legal obligations that are enforced by the US’s Federal Trade Commission.
Since its introduction, many in the EU have been sceptical about the security offered by Safe Harbor — primarily due to perceived shortcomings in the self-certification process. In 2013, a number of high-profile European people and organisations added to or joined the debate (including the German commissioners, the European data protection supervisor, the chairman of the Article 29 Working Party and the EC). Most expressed concern, particularly in light of revelations in the press that the US government has been carrying out mass surveillance of its European allies…
If you are registered and logged in to the site, click on the link below to read the rest of the Wragge & Co briefing. If not, please register or sign in with your details below.
News from Wragge & Co
News from The Lawyer
Briefings from Wragge & Co
In Rose, the Administrative Court considered whether a CCG had acted unlawfully in failing to follow guidance issued by NICE.
In February 2013, the European Commission released a draft Network and Information Security Directive.