Scribd Logo
Upload

Welcome to Scribd!

  • The U.S.-E.U. Safe Harbor Framework: Cross Border Data Flows, Data Protection, and Privacy

    Uploaded by

    Akshat Dubey
    15 views12 pages
    The document discusses the U.S.-E.U. Safe Harbor Framework, which provides a streamlined way for U.S. companies to comply with the E.U.'s data protection requirements. It outlines the 7 Safe Harbor Principles around notice, choice, security, and others. Nearly 1,300 U.S. companies have registered with over $630 billion in annual trade between the U.S. and E.U. The framework is voluntary, but registration assures E.U. partners of compliance. Complaints are handled by the FTC without any referrals to E.U. authorities to date.

    Original Description:

    Data Privacy Guidelines

    Original Title

    Safe Harbor Framework

    Copyright

    © © All Rights Reserved

    Available Formats

    PPT, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    The document discusses the U.S.-E.U. Safe Harbor Framework, which provides a streamlined way for U.S. companies to comply with the E.U.'s data protection requirements. It outlines the 7 Safe Harbor Principles around notice, choice, security, and others. Nearly 1,300 U.S. companies have registered with over $630 billion in annual trade between the U.S. and E.U. The framework is voluntary, but registration assures E.U. partners of compliance. Complaints are handled by the FTC without any referrals to E.U. authorities to date.

    Copyright:

    © All Rights Reserved
    Download as PPT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as ppt, pdf, or txt
    15 views12 pages

    The U.S.-E.U. Safe Harbor Framework: Cross Border Data Flows, Data Protection, and Privacy

    Uploaded by

    Akshat Dubey
    The document discusses the U.S.-E.U. Safe Harbor Framework, which provides a streamlined way for U.S. companies to comply with the E.U.'s data protection requirements. It outlines the 7 Safe Harbor Principles around notice, choice, security, and others. Nearly 1,300 U.S. companies have registered with over $630 billion in annual trade between the U.S. and E.U. The framework is voluntary, but registration assures E.U. partners of compliance. Complaints are handled by the FTC without any referrals to E.U. authorities to date.

    Copyright:

    © All Rights Reserved
    Download as PPT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as ppt, pdf, or txt
    of 12

    The U.S.-E.U.

    Safe Harbor
    Framework

    Cross Border Data Flows, Data


    Protection, and Privacy

    Damon Greer
    Safe Harbor Program
    October 15, 2007
    Different Approaches to Data Privacy  Why it
    matters

    • European Union’s Data Protection Directive creates a barrier for


    those countries, including the U.S., that do not meet the EU’s
    “adequacy” requirements for data protection.

    • U.S. Department of Commerce and European Commission


    negotiated the SAFE HARBOR to provide U.S. companies with a
    simple, streamlined means of complying with the adequacy
    requirement.

    • Trans-Atlantic Trade in 2006 reached $630 billion

    2
    Adequacy via the Safe Harbor

    • Safe Harbor registration is a voluntary representation to


    European business partners and European citizens that U.S.
    companies will comply with the Safe Harbor framework.
     Administered by the DOC, enforced in the United States
    by the FTC and DOT

    • Currently nearly 1,300 U.S. organizations, including


    multinationals and SMEs.

    3
    7 Safe Harbor Principles (SHFIPPs)

    • NOTICE
    • CHOICE
    • SECURITY
    • ONWARD TRANSFER
    • DATA INTEGRITY
    • ACCESS
    • ENFORCEMENT

    4
    Where to Find Safe Harbor Information

    • http://export.gov/safeharbor/ website includes:

     Safe Harbor List


     Safe Harbor Workbook
     Compliance Checklist/Helpful Hints
     Safe Harbor Documents (including principles,
    FAQ’s, correspondence, etc.)
     Historical documents (including public
    comments)

    5
    Compliance & Enforcement

    • U.S. culture of customer service is highly effective in addressing


    customer complaints/concerns, perhaps more than comprehensive
    legislation.

    • Independent recourse mechanisms are required to notify DoC of a


    company’s failure to comply with the Safe Harbor principles, and
    FTC has authority to take action.

    • Results:
     No referrals and no complaints filed with the EU DPAs.
     TRUSTe, BBB, DMA, and others report internal complaints
    resolved!

    6
    Other Options for Meeting the EU Directive’s
    Requirements
    • Joining Safe Harbor is not the only means of meeting the EU
    Directive’s requirements

    • Other alternatives include:

     “Unambiguous” consent
     Necessary to perform contract
     Codes of Conduct
     Model Contract Clauses
     Direct compliance/registration with EU Authorities

    http://ec.europa.eu/justice_home/fsj/privacy/index_en.htm

    7
    Since 2000, we’ve built credibility and
    confidence in Safe Harbor in the E.U.

    • In November 2000, there were 6 Safe Harbor companies;

    • Today, we are approaching 1,300 organizations spanning


    industries from consumer goods to aviation;

    • Average 35 new members per month;

    • EU view SH as a “Best Practice” and Gold Standard for data


    protection.

    8
    Moving Forward — The Challenge Continues

    • Expanded dialogue with the European Commission;


    Conference on International Transfers of Personal Data,
    Brussels, October 2006

    • More needs to be done by EU to harmonize Data Directive;


    educate data subjects; we raised this specific issue in
    Brussels in bilateral negotiations last fall

    • Increased Emphasis by Industry on Harmonizing Approval


    Process for Binding Corporate Rules

    9
    Safe Harbor Program Membership
    2000 – Oct. 2007
    300

    250 244

    223
    211
    204
    200

    154 HR
    150 143 Non-HR
    Total

    109

    100

    50

    6
    0
    2000 2001 2002 2003 2004 2005 2006 2007

    10
    Safe Harbor Program – Top 20 Industries

    Information Services - (INF) 279

    Computer Services - (CSV) 218

    Computer Software - (CSF) 209

    General Services - (GSV) 125

    Management Consulting Services - (MCS) 87

    Employment Services - (EMP) 71

    Education & Training - (EDS) 65

    Advertising Services - (ADV) 62

    Drugs & Pharmaceuticals - (DRG) 58

    Telecommunications Services - (TES) 57

    Travel & Tourism Services - (TRA) 50

    Financial Services - (FNS) 50

    Health Care Services - (HCS) 41

    Computer & Peripherals - (CPT) 30

    Medical Equipment - (MED) 28

    Biotechnology - (BTC) 26

    Electronic Components - (ELC) 24

    General Consumer Goods - (GCG) 22

    Insurance Services - (INS) 19

    General Science & Technology - (GST) 19

    0 50 100 150 200 250 300

    11
    For additional information or questions

    Contact me at:

    Damon C. Greer
    U.S. Department of Commerce
    HCHB 2003
    1401 Constitution Avenue, N.W.
    Washington, D. C. 20230
    Telephone: (202) 482-5023; Fax: (202) 482-5522
    Email: damon.greer@mail.doc.gov

    12

    You might also like