background preloader

About the Safe Harbor

Facebook Twitter

EU Digital Commish: Ja, we should have done more about NSA spying. Europe’s outspoken digi Commissioner, Günther H-dot Oettinger has admitted that the European Commission did too little, too late in reaction to Edward Snowden’s NSA spying revelations. Following a landmark ruling by the European Court of Justice (ECJ) striking down the EU-US data sharing Safe Harbor agreement on Tuesday, Oetti told German daily Der Spiegel that “a mandatory government agreement would be the best solution” but that he didn’t believe it was likely to happen.

The second-best option is a re-negotiated arrangement, said Oettinger, for once sticking to the Commission official line. He said clarity was urgently needed for “the many medium-sized companies that are now feeling insecure”. Safe Harbor is the workaround agreement between the EU and the US that allows international companies to transfer Europeans’ personal data to the US even though the US does not meet the adequacy standards for EU data protection law. The European Parliament has also criticised the Commission.

What's wrong with Safe Harbor

Safe Harbour and the Rule of Law. Posted by Kevin on September 30, 2015. According to Reuters there has been a strange response from the U.S. mission to the European Union over the Advocate General’s opinion that Safe Harbour isn’t automatically legal (see ECJ throws doubt on the future of EU-US Safe Harbour) “The United States does not and has not engaged in indiscriminate surveillance of anyone, including ordinary European citizens…“We hope that the final judgment of the European Court of Justice takes note of these efforts, inaccuracies in and far-reaching consequences of the Advocate General’s opinion, as well as the significant harm to the protection of individual rights and the free flow of information that would occur if it were to follow the Advocate General’s opinion,” the U.S. mission said.

So according to this theory (and we won’t even comment on its strange logic), if you don’t break the law indiscriminately you should be allowed to continue and be excused from breaking the law at all. Share This: CELEX:32000D0520:EN:TXT. Do Not Track for Europe by Frederik J. Zuiderveen Borgesius, Aleecia M. McDonald. Online tracking is the subject of heated debates. In Europe, policy debates focus on the e-Privacy Directive, which requires firms to obtain the consumer’s consent for the use of tracking cookies and similar technologies. A common complaint about the Directive is that clicking “I agree” to hundreds of separate cookie notices is not user-friendly.

Meanwhile, there has been discussion about a Do Not Track (DNT) standard, which should enable people to express their wishes regarding tracking with a simple button in their browser. This paper outlines the requirements that are needed for DNT, or a similar system, to be able to help website publishers and other firms to comply with European privacy law. The three main points of the paper are as follows. We analyse the requirements for DNT that follow from European data privacy law. The interdisciplinary paper is written by a European legal scholar and a US scholar of engineering and public policy.

Can Americans Resist Surveillance? by Ryan Calo. University of Washington - School of Law; Stanford University - Law SchoolJuly 23, 2015 University of Chicago Law Review, Forthcoming University of Washington School of Law Research Paper No. 2015-25 Abstract: This essay analyzes the ability of everyday Americans to resist and alter the conditions of government surveillance. Americans appear to have several avenues of resistance or reform. We can vote for privacy-friendly politicians, challenge surveillance in court, adopt encryption or other technology, and put market pressure on companies not to cooperate with law enforcement.

In practice, however, many of these avenues turn out to be limited. By way of method, this essay adopts James Gibson's influential theory of affordances. Number of Pages in PDF File: 18 Keywords: surveillance, privacy, affordances, technology Suggested Citation Calo, Ryan, Can Americans Resist Surveillance? Vie privée. The Role of Safe Harbor schemes. January 2013 EU: US Safe Harbor scheme The US Department of Commerce has developed, together with the European Commission, a "Safe Harbor" framework. This is a self-certifying process that is available to companies where the data processing activity or operations are capable of falling under the supervisory jurisdiction of the US Federal Trade Commission (FTC) and the Department of Transportation (DOT). The framework requires the US data importer to certify to the US Department of Commerce and to the public that it will conform to certain data protection requirements.

These requirements are reflected in a set of seven principles (see below). In order to adhere to the Safe Harbor framework, the US importer must declare in its privacy policy statement that it conforms to the framework. The seven US Safe Harbor principles that should be met by the US data importer entity are: Notify individuals about the purposes for which information is collected and used. Advantages Disadvantages. Safe Harbor At A Glance. The US Safe Harbor scheme. After more than two years of negotiations with the US Department of Commerce, the European Commission approved the Safe Harbor scheme which sets out a framework of data protection standards which allow the free flow of personal data from EEA data controllers to the US organisations which have joined the scheme.

US companies that adhere to the Safe Harbor data protection standards, principles and procedures will be deemed to provide an adequate level of protection which satisfies, in UK terms, the requirements of Principle 8. Benefits For international companies with subsidiaries or trading partners in the US and the EEA the Safe Harbor scheme is designed to reduce the administrative burden of complying with the Data Protection Directive and to ensure that data flows to Europe are uninterrupted. However, due to the limited take up, it is questionable whether this has been achieved in practice.

Scope Requirements To qualify for the Safe Harbor scheme, a US organisation has three options. Main Safe Harbor Homepage. The European Commission’s Directive on Data Protection went into effect in October of 1998, and would prohibit the transfer of personal data to non-European Union countries that do not meet the European Union (EU) “adequacy” standard for privacy protection. While the United States and the EU share the goal of enhancing privacy protection for their citizens, the United States takes a different approach to privacy from that taken by the EU.

In order to bridge these differences in approach and provide a streamlined means for U.S. organizations to comply with the Directive, the U.S. Department of Commerce in consultation with the European Commission developed a "Safe Harbor" framework and this website to provide the information an organization would need to evaluate – and then join – the U.S.

-EU Safe Harbor program. The U.S. To get started, please use the following links: U.S. U.S. U.S.-EU Safe Harbor Framework. International Safe Harbor Privacy Principles. US-EU Safe Harbor (now invalid) was a streamlined process that US companies use to comply with the EU Directive 95/46/EC on the protection of personal data. The US Department of Commerce developed the process in consultation with the European Union, and the European Commission decided it complied with the EU directive. In 2015, the European Court of Justice held the decision invalid, as it did not require all organisations (especially US federal government agencies could use the data under US law, but were not required to opt in) entitled to work with EU privacy-related data to comply with it and thus provided insufficient guarantees. The court furthermore held that companies that opted in were "bound to disregard, without limitation, the protective rules laid down by that scheme where they conflict with" "national security, public interest and law enforcement requirements".[1] Background[edit] The principles were developed in 1998-2000.

Principles[edit] These principles must provide: Press Release: EU-US Safe Harbor Essential To Leading European Companies. The Future of Privacy Forum has conducted a study of the US-EU Safe Harbor program run by the United States Department of Commerce and has documented that more than 150 European companies are active Safe Harbor participants. Recently, some European policymakers have called for an end to the Safe Harbor program, while others have called for the program to be improved. FPF believes that simply terminating the program would have negative consequences for data protection and for companies and consumers not only in the United States, but in Europe as well.

FPF has previously noted the consequences of termination for those European employees who rely on the Safe Harbor program for the processing of their human resources data.¹ FPF’s new study reveals that termination would adversely impact many leading European companies as well. To date, 152² active Safe Harbor member companies are headquartered or co-headquartered in European countries. Methodology: