1 / 12

Navigating Cross-Border Data Flows: The U.S.-E.U. Safe Harbor Framework

Explore the importance of data privacy in cross-border transactions, specifically focusing on the U.S.-E.U. Safe Harbor Framework. Learn about the barriers created by the EU's Data Protection Directive and how the Safe Harbor provides a solution for U.S. companies. Discover the seven Safe Harbor Principles and compliance information. Find out about alternatives to Safe Harbor for meeting the EU Directive's requirements and the growth and benefits of Safe Harbor membership. Contact Damon C. Greer at the U.S. Department of Commerce for more details.

topanga
Download Presentation

Navigating Cross-Border Data Flows: The U.S.-E.U. Safe Harbor Framework

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. The U.S.-E.U. Safe Harbor FrameworkCross Border Data Flows, Data Protection, and Privacy Damon Greer Safe Harbor Program October 15, 2007

  2. Different Approaches to Data Privacy  Why it matters • European Union’s Data Protection Directive creates a barrier for those countries, including the U.S., that do not meet the EU’s “adequacy” requirements for data protection. • U.S. Department of Commerce and European Commission negotiated the SAFE HARBOR to provide U.S. companies with a simple, streamlined means of complying with the adequacy requirement. • Trans-Atlantic Trade in 2006 reached $630 billion

  3. Adequacy via the Safe Harbor • Safe Harbor registration is a voluntary representation to European business partners and European citizens that U.S. companies will comply with the Safe Harbor framework. • Administered by the DOC, enforced in the United States by the FTC and DOT • Currently nearly 1,300 U.S. organizations, including multinationals and SMEs.

  4. 7 Safe Harbor Principles (SHFIPPs) • NOTICE • CHOICE • SECURITY • ONWARD TRANSFER • DATA INTEGRITY • ACCESS • ENFORCEMENT

  5. Where to Find Safe Harbor Information • http://export.gov/safeharbor/ website includes: • Safe Harbor List • Safe Harbor Workbook • Compliance Checklist/Helpful Hints • Safe Harbor Documents (including principles, FAQ’s, correspondence, etc.) • Historical documents (including public comments)

  6. Compliance& Enforcement • U.S. culture of customer service is highly effective in addressing customer complaints/concerns, perhaps more than comprehensive legislation. • Independent recourse mechanisms are required to notify DoC of a company’s failure to comply with the Safe Harbor principles, and FTC has authority to take action. • Results: • No referrals and no complaints filed with the EU DPAs. • TRUSTe, BBB, DMA, and others report internal complaints resolved!

  7. Other Options for Meeting the EU Directive’s Requirements • Joining Safe Harbor is not the only meansof meeting theEU Directive’s requirements • Other alternatives include: • “Unambiguous” consent • Necessary to perform contract • Codes of Conduct • Model Contract Clauses • Direct compliance/registration with EU Authorities http://ec.europa.eu/justice_home/fsj/privacy/index_en.htm

  8. Since 2000, we’ve built credibility and confidence in Safe Harbor in the E.U. • In November 2000, there were 6 Safe Harbor companies; • Today, we are approaching 1,300 organizations spanning industries from consumer goods to aviation; • Average 35 new members per month; • EU view SH as a “Best Practice” and Gold Standard for data protection.

  9. Moving Forward — The Challenge Continues • Expanded dialogue with the European Commission; Conference on International Transfers of Personal Data, Brussels, October 2006 • More needs to be done by EU to harmonize Data Directive; educate data subjects; we raised this specific issue in Brussels in bilateral negotiations last fall • Increased Emphasis by Industry on Harmonizing Approval Process for Binding Corporate Rules

  10. Safe Harbor Program Membership2000 – Oct. 2007

  11. Safe Harbor Program – Top 20 Industries

  12. For additional information or questions Contact me at: Damon C. Greer U.S. Department of Commerce HCHB 2003 1401 Constitution Avenue, N.W. Washington, D. C. 20230 Telephone: (202) 482-5023; Fax: (202) 482-5522 Email: damon.greer@mail.doc.gov

More Related