Un-safe Harbor: is Safe Harbor an adequate means of protecting EU personal data transferred to the US?
The US Safe Harbor framework was developed in 2000 by the US Department of Commerce in collaboration with the European Commission (EC) to provide an adequate level of protection for EU businesses that transfer personal data to the US companies so as to enable them to comply with the data export requirements of the EU Data Protection Directive.
Under the framework, US businesses can self-certify on an annual basis that they will comply with a binding set of principles. Although the arrangement is voluntary, once a business signs up to the Safe Harbor register it assumes various legal obligations that are enforced by the US’s Federal Trade Commission.
Since its introduction, many in the EU have been sceptical about the security offered by Safe Harbor — primarily due to perceived shortcomings in the self-certification process. In 2013, a number of high-profile European people and organisations added to or joined the debate (including the German commissioners, the European data protection supervisor, the chairman of the Article 29 Working Party and the EC). Most expressed concern, particularly in light of revelations in the press that the US government has been carrying out mass surveillance of its European allies…
If you are registered and logged in to the site, click on the link below to read the rest of the Wragge & Co briefing. If not, please register or sign in with your details below.
News from Wragge & Co
News from The Lawyer
Briefings from Wragge & Co
Wragge & Co outlines the background to the case and the court’s decision and provides a comment on its impact for public bodies.
The Court of Appeal case of RWE Npower Renewables Ltd v J N Bentley Ltd acts as a reminder to draftsman not to place too much reliance on these clauses.