Un-safe Harbor: is Safe Harbor an adequate means of protecting EU personal data transferred to the US?
The US Safe Harbor framework was developed in 2000 by the US Department of Commerce in collaboration with the European Commission (EC) to provide an adequate level of protection for EU businesses that transfer personal data to the US companies so as to enable them to comply with the data export requirements of the EU Data Protection Directive.
Under the framework, US businesses can self-certify on an annual basis that they will comply with a binding set of principles. Although the arrangement is voluntary, once a business signs up to the Safe Harbor register it assumes various legal obligations that are enforced by the US’s Federal Trade Commission.
Since its introduction, many in the EU have been sceptical about the security offered by Safe Harbor — primarily due to perceived shortcomings in the self-certification process. In 2013, a number of high-profile European people and organisations added to or joined the debate (including the German commissioners, the European data protection supervisor, the chairman of the Article 29 Working Party and the EC). Most expressed concern, particularly in light of revelations in the press that the US government has been carrying out mass surveillance of its European allies…
If you are registered and logged in to the site, click on the link below to read the rest of the Wragge & Co briefing. If not, please register or sign in with your details below.
News from Wragge Lawrence Graham & Co
News from The Lawyer
Briefings from Wragge Lawrence Graham & Co
There seems to be a growing recognition that retaining the skills of the older worker makes sound business sense. But are we neglecting our younger potential workforce?
Benefit change exercises — what are the practical implications of the IBM case for trustees and employers?
The latest IBM case has implications for employers and trustees when considering changes to members’ pension benefits. But what implications?