EU gives US Safe Harbor another chance

02/12/2013
Tags:

The EU Commission has now reviewed the working of the US Safe Harbor programme on transfers of personal data from the European Economic Area to the US, and says that it will wait until summer 2014 to see whether it will suspend, modify or even revoke its Safe Harbor decision based on the progress that the US has made by then. The EU Commission makes 13 recommendations for improvements.

Data Protection Authorities in the EU as well as the Commission have had concerns over the scheme due to lack of enforcement, general formulation of the principles and the high reliance on self-certification.  Since 2009, the US Federal Trade Commission has brought 10 enforcement actions against companies based on Safe Harbor violations. Most worryingly, there have been false claims of Safe Harbor adherence. The Commission says that about 10% of companies claiming membership in the Safe Harbour are not listed by the US Department of Commerce as current members of the scheme. The Department of Commerce says that it has now started to contact Safe Harbor participants one month prior to their certification renewal date to alert them. It has also, since March 2013, made it mandatory for Safe Harbor participants to make their privacy policy readily available on their public website.

The EU Commission, however, requires more transparency and better redress mechanisms.  Self-certified companies should publish privacy conditions of any contracts they conclude with subcontractors, for example, cloud computing services. A certain percentage of the participant companies should be investigated for effective compliance of their privacy policies. Any false claims should continue to be investigated.

The EU Commission Communication to the European Parliament and the Council on the Functioning of the Safe Harbour from the Perspective of EU Citizens and Companies Established in the EU is at
http://ec.europa.eu/justice/data-protection/files/com_2013_847_en.pdf

Read more about this topic in the December issue of PL&B’s International Report.

A PL&B webinar on the US Safe Harbor: If you are interested in attending a PL&B webinar in early 2014 on the future of the US Safe Harbor, e-mail glenn@privacylaws.com with “US Safe Harbor” in the subject line.

Christopher M. Hoff, Administrator / U.S.-EU & U.S.-Swiss Safe Harbor Frameworks will speak at PL&B's 27th Annual International Conference, New Horizons - New Risks, 30th June-2 July 2014, Queens' College, Cambridge. See www.privacylaws.com/annualconference

 


 

Comments:

If you would like to comment on this article, please login or register.

Archive

Tag cloud