EU/US: Safe Harbor Agreement – trust is good, control is better...

Companies wishing to process data in the US must ensure that the level of data protection provided satisfies the relevant legal requirements applicable in the EU. The "Safe Harbor Agreement" between the US and EU, which was established for this purpose 10 years ago, aims to guarantee that these requirements are met. Companies are therefore able to check that the American company processing their data has entered into the Safe Harbor Agreement.

A study relating to this issue, entitled "Safe Harbor - Fact or Fiction" and produced by the US consulting agency "Galexia", has now found that more than 200 US companies claim to have signed the Safe Harbor Agreement, but do not in fact appear on the Safe Harbor list. Furthermore, the study also found that most companies do not comply with the relevant regulations, despite having signed the agreement and being on the list.

For this reason, companies wishing to process data in the US should check that the company in question is really on the Safe Harbor list and that its entry is up to date. They can thereby check whether the relevant company is telling the truth about having signed the Safe Harbor Agreement; they cannot, however, check whether the company actually fulfills the Safe Harbor requirements.