International Safe Harbor Privacy Principles

Safe Harbor; Safe Harbor Principles; Safe Harbor arrangement; US-EU Safe Harbor; EU-U.S. Safe Harbor Agreement; EU–US Safe Harbor Principles; Safe Harbor Agreement; Safe Harbor Program; U.S.-E.U. Safe Harbor Principles; U.S.-EU Safe Harbor
The International Safe Harbor Privacy Principles or Safe Harbour Privacy Principles were principles developed between 1998 and 2000 in order to prevent private organizations within the European Union or United States which store customer data from accidentally disclosing or losing personal information.

Binding corporate rules

According to the Data Protection Directive, companies operating in the European Union are not permitted to send personal data to "third countries" outside the European Economic Area, unless they guarantee adequate levels of protection, "the data subject himself agrees to the transfer" or "if Binding corporate rules or Standard Contractual Clauses have been authorised."
The BCRs were developed as an alternative to the U.S. Department of Commerce EU Safe Harbor (which was for US organizations only, but has been declared invalid and replaced by the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks) and the EU Model Contract Clauses.

EU–US Privacy Shield

EU-US Privacy Shield; EU-U.S. Privacy Shield; Privacy Shield
The European Commission and the United States agreed to establish a new framework for transatlantic data flows on 2 February 2016, known as the "EU-US Privacy Shield". According to the European Commission, the EU-US Privacy Shield agreed on 2 February 2016 "reflects the requirements set out by the European Court of Justice in its ruling on 6 October 2015, which declared the old Safe Harbour framework invalid. The new arrangement will provide stronger obligations on companies in the U.S. to protect the personal data of Europeans and stronger monitoring and enforcement by the U.S. Department of Commerce and Federal Trade Commission, including through increased cooperation with European Data Protection Authorities. The new arrangement includes commitments by the U.S. that possibilities under U.S. law for public authorities to access personal data transferred under the new arrangement will be subject to clear conditions, limitations and oversight, preventing generalised access. Europeans will have the possibility to raise any enquiry or complaint in this context with a dedicated new Ombudsperson".
The EU–US Privacy Shield is a replacement for the International Safe Harbor Privacy Principles, which were declared invalid by the European Court of Justice in October 2015.

FTC v. Balls of Kryptonite

a 2011 case; an enforcement action
In a 2011 case, the Federal Trade Commission obtained a consent decree from a California-based online retailer that had sold exclusively to customers in the United Kingdom.
It was the first time the FTC had brought an action against an American company that did business exclusively abroad, its first action enforcing the U.S./EU Safe Harbor Privacy Program and one of the first uses of its expanded ability to coordinate its efforts with foreign counterparts under the SAFE WEB Act Congress had passed several years earlier.

Data Protection Directive

Directive 95/46/EC on the protection of personal data; Directive 95/46/EC; European Data Protection Directive
US companies storing customer data could self-certify that they adhered to 7 principles, to comply with the EU Data Protection Directive and with Swiss requirements. These were non-binding and in 1995, the European Union (EU) enacted a more binding form of governance, i.e. legislation, to protect personal data privacy in the form of the Data Protection Directive.

Information privacy

data protection; data privacy; privacy
These were non-binding and in 1995, the European Union (EU) enacted a more binding form of governance, i.e. legislation, to protect personal data privacy in the form of the Data Protection Directive.
The United States Department of Commerce created the International Safe Harbor Privacy Principles certification program in response to the 1995 Directive on Data Protection (Directive 95/46/EC) of the European Commission.

Privacy policy

privacy policies; corporate privacy policies; informed
In 2001 the United States Department of Commerce worked to ensure legal compliance for US organizations under an opt-in Safe Harbor Program.

Max Schrems

Europe v Facebook; Maximillian Schrems; Schrems case
In October 2015, the ECJ responded to a referral from the High Court of Ireland in relation to a complaint from Austrian citizen Maximillian Schrems regarding Facebook's processing of his personal data from its Irish subsidiary to servers in the US.
The European Commission found in the executive decision 2000/520/EC that the so-called EU–US Safe Harbor Principles would provide "adequate protection" under Article 25 of Directive 95/56/EC, when it comes to the transfer of personal information from the EU to the US.

IT risk

Information technology risk; risk; Standards Organizations and Standards

Safe harbor (law)

safe harbor; safe-harbor; Safe Harbor laws
Five years later, a decision created exceptions where foreign recipients of the data voluntarily agreed to meet EU standards under the International Safe Harbor Privacy Principles.

European Union

EU; European; Europe
These were non-binding and in 1995, the European Union (EU) enacted a more binding form of governance, i.e. legislation, to protect personal data privacy in the form of the Data Protection Directive. The International Safe Harbor Privacy Principles or Safe Harbour Privacy Principles were principles developed between 1998 and 2000 in order to prevent private organizations within the European Union or United States which store customer data from accidentally disclosing or losing personal information. They were overturned on October 6, 2015 by the European Court of Justice (ECJ), which enabled some US companies to comply with privacy laws protecting European Union and Swiss citizens.

European Court of Justice

Court of Justice; ECJ; European Court
They were overturned on October 6, 2015 by the European Court of Justice (ECJ), which enabled some US companies to comply with privacy laws protecting European Union and Swiss citizens.

Privacy law

privacy; privacy laws; invasion of privacy
They were overturned on October 6, 2015 by the European Court of Justice (ECJ), which enabled some US companies to comply with privacy laws protecting European Union and Swiss citizens.

Switzerland

Swiss; Swiss Confederation; SWI
They were overturned on October 6, 2015 by the European Court of Justice (ECJ), which enabled some US companies to comply with privacy laws protecting European Union and Swiss citizens.

United States Department of Commerce

Department of Commerce; U.S. Department of Commerce; Commerce Department
The US Department of Commerce developed privacy frameworks in conjunction with both the European Union and the Federal Data Protection and Information Commissioner of Switzerland.

Federal Data Protection and Information Commissioner

Federal Act on Data Protection
The US Department of Commerce developed privacy frameworks in conjunction with both the European Union and the Federal Data Protection and Information Commissioner of Switzerland.

Personal data

personally identifiable information; personal information; personally identifying information
The International Safe Harbor Privacy Principles or Safe Harbour Privacy Principles were principles developed between 1998 and 2000 in order to prevent private organizations within the European Union or United States which store customer data from accidentally disclosing or losing personal information. Within the context of a series of decisions on the adequacy of the protection of personal data transferred to other countries, the European Commission made a decision in 2000 that the United States' principles did comply with the EU Directive - the so-called "Safe Harbour decision". In 1980, the OECD issued recommendations for protection of personal data in the form of eight principles.

European Commission

EU Commission; Commission; EC
Within the context of a series of decisions on the adequacy of the protection of personal data transferred to other countries, the European Commission made a decision in 2000 that the United States' principles did comply with the EU Directive - the so-called "Safe Harbour decision".

Facebook

Facebook Live; Facebook.com; Facebook, Inc.
In October 2015, the ECJ responded to a referral from the High Court of Ireland in relation to a complaint from Austrian citizen Maximillian Schrems regarding Facebook's processing of his personal data from its Irish subsidiary to servers in the US. However, after a customer complained that his Facebook data were insufficiently protected, the ECJ declared in October 2015 that the Safe Harbour Decision was invalid, leading to further talks being held by the Commission with the US authorities towards "a renewed and sound framework for transatlantic data flows".

OECD

Organisation for Economic Co-operation and Development; Organisation for European Economic Co-operation; Organisation for Economic Co-operation and Development (OECD)
In 1980, the OECD issued recommendations for protection of personal data in the form of eight principles.

European Economic Area

EEA; European market; European Economic Area (EEA)
According to the Data Protection Directive, companies operating in the European Union are not permitted to send personal data to "third countries" outside the European Economic Area, unless they guarantee adequate levels of protection, "the data subject himself agrees to the transfer" or "if Binding corporate rules or Standard Contractual Clauses have been authorised."

Federal Trade Commission

FTC; U.S. Federal Trade Commission; United States Federal Trade Commission
In a 2011 case, the Federal Trade Commission obtained a consent decree from a California-based online retailer that had sold exclusively to customers in the United Kingdom. According to the European Commission, the EU-US Privacy Shield agreed on 2 February 2016 "reflects the requirements set out by the European Court of Justice in its ruling on 6 October 2015, which declared the old Safe Harbour framework invalid. The new arrangement will provide stronger obligations on companies in the U.S. to protect the personal data of Europeans and stronger monitoring and enforcement by the U.S. Department of Commerce and Federal Trade Commission, including through increased cooperation with European Data Protection Authorities. The new arrangement includes commitments by the U.S. that possibilities under U.S. law for public authorities to access personal data transferred under the new arrangement will be subject to clear conditions, limitations and oversight, preventing generalised access. Europeans will have the possibility to raise any enquiry or complaint in this context with a dedicated new Ombudsperson". Only U.S. organizations regulated by the Federal Trade Commission or the Department of Transportation may participate in this voluntary program.

United States Department of Transportation

U.S. Department of Transportation; Department of Transportation; US Department of Transportation
Only U.S. organizations regulated by the Federal Trade Commission or the Department of Transportation may participate in this voluntary program.

People's Choice Credit Union

Savings & Loans; Australian Central; Australian Central Credit Union
This excludes many financial institutions (such as banks, investment houses, credit unions, and savings & loans institutions), telecommunication common carriers, including internet service providers, labor associations, non-profit organizations, agricultural co-operatives, and meat processors, journalists and most insurances.

Common carrier

carrier; common carriers; common-carrier
This excludes many financial institutions (such as banks, investment houses, credit unions, and savings & loans institutions), telecommunication common carriers, including internet service providers, labor associations, non-profit organizations, agricultural co-operatives, and meat processors, journalists and most insurances.

Internet service provider

ISP; Internet service providers; ISPs
This excludes many financial institutions (such as banks, investment houses, credit unions, and savings & loans institutions), telecommunication common carriers, including internet service providers, labor associations, non-profit organizations, agricultural co-operatives, and meat processors, journalists and most insurances.