Safe Harbor is the policy agreement established between the United States Department of Commerce and the European Union in November 2000. Its purpose is to regulate the way US companies export and handle the personal information of European citizens, such as names and addresses.
One of the Safe Harbor stipulations requires that the companies collecting the personal data must inform people that the data is being gathered and tell them for what purpose. The companies must also obtain permission to pass on this data to a third party. Data integrity and security are a must.
This agreement comes as a compromise solution between US and EU privacy procedures. All the 28 EU countries are subject to this agreement, meaning the data transfers can proceed without individual authorization. But the US companies that do not join Safe Harbor must obtain a separate authorization from each European country.
Now the United States and the European Union have about three months to agree on a plan that allows the legal transfer of European citizens‘ personal information. January 31st 2016 is the deadline given, after the European Court of Justice stroke-down the existing Safe Harbor. It has been stated that if a solution is not found by that time, ‚ EU data protection authorities are committed to take all necessary and appropriate actions, which may include coordinated enforcement actions.‘
For the past two years, the US and EU have been trying to reach a new agreement. They initially turned to the ‚model clauses‘ as a compromise for the time being, but legal experts and German data protection authorities question them. The firm position of German authorities is that the ‚model contractual clauses‘ are not reliable and the transfers of personal data from Europe to the US should be suspended.
Businesses should consider the risks involved in transferring data and take legal and technical measures in a timely manner to respect EU data protection laws. Data protection and privacy regulations are very serious matters in general and particularly in eCommerce. The lack of a solution will have a massive impact upon business relations between European and US companies.
In this context, it’s relevant to highlight that infin is an officially registered telecommunications service provider in Germany, monitored by the Federal Network Agency and governed by the German telecommunications law, the strictest data protection regulation. All of infin’s productive data centers are located in Germany. Contact us to discuss more about handling sensitive information.
Read more about Safe Harbor here.
