Cover Letter from Acting Under Secretary for International Trade Administration Robert S. LaRussa

July 21, 2000

Dear Colleagues:

I am pleased to announce that the U.S. Department of Commerce, in order to foster, promote, and develop international commerce, formally transmitted the Safe Harbor Principles and related documents to the European Commission on July 18, 2000. In addition to being posted on our website (, the Safe Harbor Principles and associated documentation will be issued by the Federal Register on Friday, July 21, 2000.

The Principles, which include a set of Frequently Asked Questions (FAQs) that supplement the Safe Harbor Privacy Principles, are intended to serve as authoritative guidance to U.S. companies and other organizations receiving personal data from the European Union. Upon receipt of the Principles, the Commission is expected to issue an "adequacy determination" for the safe harbor arrangement. Organizations receiving personal data transfers from the EU and complying with the Principles will be considered to meet the "adequacy" requirements of the European Union's Directive on Data Protection. The Principles thus establish a predictable basis for such transfers.

Finalizing this arrangement culminates over two years of discussions with the Europeans. The safe harbor is a landmark accord for e-commerce. It bridges the differences between EU and U.S. approaches to privacy protection and will ensure that data flows between the U.S. and the EU are not interrupted. As a result, it should help ensure that e-commerce continues to flourish.

We will provide additional information about scheduling and next steps after the European Commission has issued its "adequacy determination."


Robert S. LaRussa

Acting Under Secretary for International Trade Administration



A: Safe Harbor Privacy Principles

B: Frequently Asked Questions (FAQs)

1.     Sensitive Data
2.     Journalistic Exceptions
3.     Secondary Liability
4.     Investment Banking and Audits
5.     The Role of Data Protection Authorities
6.     Self-Certification
7.     Verification
8.     Access
9.     Human Resources
10.   Article 17 contracts
11.   Dispute Resolution and Enforcement
12.   Choice - Timing of Opt-out
13.   Travel Information
14.   Pharmaceutical and Medical Products
15.   Public Record and Publicly Available Information

C.     Letter from U.S. Department of Commerce to Commission Services transmitting the Safe Harbor Privacy Principles and FAQs, etc.

D.     Safe Harbor Enforcement Overview

E.     Department of Commerce Memorandum on Damages for Breaches of Privacy, Legal Authorizations and Mergers and Takeovers in U.S. Law

F.     Letter from the Federal Trade Commission concerning its jurisdiction over consumer privacy issues

G.     Letter from the Department of Transportation concerning its authority in protecting the privacy of consumers with respect to information provided to airlines

Please direct any questions to Becky Richards at or