D/US: Safe Harbor
Category: News
By: R. Olschewski - 2B Advice GmbH - the privacy benchmark
As many transatlantic companies already know, since July 2000 a so-called Safe-Harbor Agreement has existed between the EU and the US Department of Commerce covering matters relating to an adequate level of data protection.
By being willing to self-regulate and make declarations to the Federal Trade Commission (FTC), companies have created a framework in which personal data can be transferred to the US from Europe under the same conditions as within the European Economic Area (EU/EEA).
The highest supervisory authorities for data protection in the non-public area point out that companies that export data to bodies in the US cannot rely solely on Safe-Harbor certification. Transmitting companies must also be able to prove that Safe-Harbor principles are being adhered to, at least in the absence of comprehensive checks by the authorities.
Checking the date of an importer's Safe-Harbor Certification is crucial, because if it took place more than seven years ago, it is no longer valid. The data transmitter must also be able to prove that the US company is fulfilling its Safe-Harbor information obligations to those affected by the data-processing. If it is discovered that Safe-Harbor principles are being breached, the responsible data protection authorities should be informed.
Companies must keep a record of this minimum examination and on request provide proof of it to the supervisory authorities.
A company is therefore well advised not only to have a look at a US partner's Safe-Harbor entry on the Internet, but also to check the latter's corporate standard. If following examination there are any doubts concerning compliance with the Safe-Harbor criteria, data-protection experts recommend the use of standard contractual clauses or binding corporate guidelines to ensure that the importer provides an adequate level of data protection.
