Wragge Lawrence Graham & Co

Un-safe Harbor: is Safe Harbor an adequate means of protecting EU personal data transferred to the US?

The US Safe Harbor framework was developed in 2000 by the US Department of Commerce in collaboration with the European Commission (EC) to provide an adequate level of protection for EU businesses that transfer personal data to the US companies so as to enable them to comply with the data export requirements of the EU Data Protection Directive.

Under the framework, US businesses can self-certify on an annual basis that they will comply with a binding set of principles. Although the arrangement is voluntary, once a business signs up to the Safe Harbor register it assumes various legal obligations that are enforced by the US’s Federal Trade Commission.

Since its introduction, many in the EU have been sceptical about the security offered by Safe Harbor — primarily due to perceived shortcomings in the self-certification process. In 2013, a number of high-profile European people and organisations added to or joined the debate (including the German commissioners, the European data protection supervisor, the chairman of the Article 29 Working Party and the EC). Most expressed concern, particularly in light of revelations in the press that the US government has been carrying out mass surveillance of its European allies…

If you are registered and logged in to the site, click on the link below to read the rest of the Wragge & Co briefing. If not, please register or sign in with your details below. 

Briefings from Wragge Lawrence Graham & Co

View more briefings from Wragge Lawrence Graham & Co

Analysis from The Lawyer

  • Paul Wilson

    Regional: attempted merger

    Alliances, failed and successful, are the story of the year outside London

  • Belinda Bradberry

    Interior designs

    Polish up your retention policy - private practice lawyers are increasingly eyeing in-house roles

View more analysis from The Lawyer


2 Snowhill
B4 6WR