INTRODUCTION TO THE
SAFE HARBOR:
The European Commissions
Directive on Data Protection went into effect in October,1998, and
would prohibit the transfer of personal data to non-European Union
nations that do not meet the European adequacy standard
for privacy protection. While the United States and the European
Union share the goal of enhancing privacy protection for their citizens,
the United States takes a different approach to privacy from that
taken by the European Union. The United States uses a sectoral approach
that relies on a mix of legislation, regulation, and self regulation.
The European Union, however, relies on comprehensive legislation
that, for example, requires creation of government data protection
agencies, registration of data bases with those agencies, and in
some instances prior approval before personal data processing may
begin. As a result of these different privacy approaches, the Directive
could have significantly hampered the ability of U.S. companies
to engage in many trans-Atlantic transactions.
In order to bridge
these different privacy approaches and provide a streamlined means
for U.S. organizations to comply with the Directive, the U.S. Department
of Commerce in consultation with the European Commission developed
a "Safe Harbor" framework. The Safe Harbor approved by the
EU in July of 2000 is an important way for U.S. companies
to avoid experiencing interruptions in their business dealings with
the EU or facing prosecution by European authorities under European
privacy laws. Certifying to the Safe Harbor will assure that EU
organizations know that your company provides adequate
privacy protection, as defined by the Directive.
This website provides
the information an organization should need to evaluate, and then
join, the Safe Harbor. The checklist above should guide you through
the process.
|