EU Assesses Adequacy of US Safe Harbor Privacy Compliance

Article type: Review Article

Abstract: In October 1995 the European Commission approved a Directive (95/46/EC) on the protection of individuals with regard to the processing of personal data and on the free movement of such data. It restricts transfers of personal data from EU Member States to other countries outside the EU where the legal regime does not ensure an adequate level of privacy protection for natural persons. The Commission in July 2000 adopted a Decision (520/2000/EC) that allows transfers of personal data between Europe and the United States. This recognized the Safe Harbor Privacy Principles and Frequently Asked Questions that had been issued by the US Department of Commerce as "providing adequate protection for the purposes of personal data transfers from the EU." As a result, data transfers from EU Member States to US organizations that subscribe to the Principles can take place lawfully insofar as the recipient organizations are deemed to provide an adequate level of privacy protection. This report presents excerpts from the Commission Staff Working Document (SEC (2004) 1323) of October 10, 2004 on the implementation of the Safe Harbor Decision. The full text should be consulted for extensive footnotes.

Journal: I-WAYS, Digest of Electronic Commerce Policy and Regulation, vol. 28, no. 1, pp. 27-33, 2005