1 The U.S.-E.U. Safe Harbor Framework: New Developments in Data Flows, Standards, & Compliance
Damon Greer, U.S. Department of Commerce
August 19, 2008

2 Safe Harbor Review
• How We Got Here
• European Union’s Data Protection Directive (95/46/EC) in force 1998; Member States implement national data protection laws;
• U.S. does not meet EU’s adequacy requirement; U.S. Dept. of Commerce and European Commission negotiate compromise: U.S.-EU Safe Harbor Framework; in force November 1, 2000;
• Nearly 1,600 U.S. organizations certified to Safe Harbor; 240 in first six months 2008 (45 in July)

3 Adequacy via the Safe Harbor
• Safe Harbor certification is voluntary representation to European business partners and European citizens that U.S. companies will comply with the Safe Harbor Framework;
• Eligibility limited to entities who fall under jurisdiction of the FTC and DOT – financial services sector, insurance, telecommunications common carriers, non-profits and meat processing enterprises not eligible;
• Nearly 1,600 U.S. organizations, including multinationals and SMEs, are certified; valid for one year and commitment must be reaffirmed annually

4 The Safe Harbor Framework
• 7 Privacy Principles
• 15 Frequently Asked Questions
• EU’s Adequacy Determination
• Letters Between DoC & EC
• Letters Between FTC, DOT, and EC
http://export.gov/safeharbor/

5 Compliance & Enforcement
• In general, enforcement takes place in the U.S. in accordance with U.S. law (Section 5 Authority under FTC Act);
• Private Sector Enforcement which has 3 elements: verification, dispute resolution, and remedies;
• Human Resources* – Special Case: Must use EU data protection authorities for dispute resolution & follow national data protection laws with regard to HR; know about works councils

6 Compliance & Enforcement
• U.S. culture of customer service is highly effective in addressing customer complaints/concerns, perhaps more than comprehensive legislation;
• Independent recourse mechanisms are required to notify DoC of a company’s failure to comply with the Safe Harbor principles, and FTC has authority to take action.
• No referrals or complaints filed with the EU DPAs; TRUSTe, BBB, DMA, and others report internal complaints resolved.

7 The Article 26 Derogations
• Joining Safe Harbor is not the only means of meeting the EU Directive’s requirements
• Choices include:
  • “Unambiguous” consent of the data subject
  • Necessary to perform contract
  • Codes of Conduct
  • Standard Contractual Clauses
  • Direct compliance/registration with EU Authorities
http://ec.europa.eu/justice_home/fsj/privacy/index_en.htm

8 Developments in Data Protection/Privacy
• ISO’s Joint Technical Committee Work on Global Privacy Standard (4th Working Draft);
• ISO’s JTC-1 SC 27 Proposes “Study Period” to examine forensic processes’ standardization for digital evidence;
• International Conference of Data Protection & Privacy Commissioners serves as liaison to ISO privacy standards development;
• Standards Council of Canada convinces ISO/TMB to study creation of Technical Committee for Privacy – June 2008

9 Developments in Data Protection/Privacy cont’d
• EC’s DG for Information Society & Media proposes draft privacy rules for RFID technologies;
• Article 29 Working Party’s 2008 Work Program includes standards development, e-discovery, review of regulatory framework for ecommunications within EU, search engines and new technologies with privacy implications;
• Since autumn 2007, rising concern in the EU over the use of e-discovery for massive data transfers to U.S. either in anticipation of litigation or as a result of ongoing civil court action.

10 Transatlantic Engagement
• Continued dialogue with the European Commission; Conference on International Transfers of Personal Data, Brussels, October 2006; October 2007 in Washington, DC;
• Workshop on International Transfers of Data, October 21, 2008, Centre de Conferences Albert Borschette (CCAB), Rue Froissart 36, B-1049 Brussels, Belgium
• Increased Emphasis by Industry on Harmonizing Approval Process for Binding Corporate Rules; push by Art. 29 WP Chair has resulted in new BCR documents

11 We Self-Certify Compliance with: Safe Harbor Certification Mark

12 For additional information or questions
Damon C. Greer
U.S. Department of Commerce
Telephone: (202) 482-5023
Fax: (202) 482-5522
Email: damon.greer@mail.doc.gov
http://export.gov/safeharbor/

