A brief summary of the U.S.- E.U. Data Protection Privacy Shield known as the Safe Harbor Framework.
Last Published: 11/1/2016

Privacy Shield/Safe Harbor

Advisory:
On October 6, 2015, the European Court of Justice issued a judgment declaring as “invalid” the European Commission’s Decision 2000/520/EC of 26 July 2000 “on the adequacy of the protection provided by the safe harbour privacy principles and related frequently asked questions issued by the US Department of Commerce.”

In the current rapidly changing environment, the Department of Commerce will continue to administer the Safe Harbor program, including processing submissions for self-certification to the Safe Harbor Framework.  If you have questions, please contact the European Commission, the appropriate European national data protection authority, or legal counsel.

Please click here for information regarding the EU-U.S. Privacy Shield, including a statement by Secretary Pritzker and a factsheet.

Introduction:
The European Commission’s Directive on Data Protection went into effect in October of 1998, and would prohibit the transfer of personal data to non-European Union countries that do not meet the European Union (EU) “adequacy” standard for privacy protection. While the United States and the EU share the goal of enhancing privacy protection for their citizens, the United States takes a different approach to privacy from that taken by the EU.

In order to bridge these differences in approach and provide a streamlined means for U.S. organizations to comply with the Directive, the U.S. Department of Commerce in consultation with the European Commission developed a "Safe Harbor" framework and this website to provide the information an organization would need to evaluate – and then join – the U.S.-EU Safe Harbor program.

The U.S. Department of Commerce in consultation with the Federal Data Protection and Information Commissioner of Switzerland developed a separate "Safe Harbor" framework to bridge the differences between the two countries’ approaches to privacy and provide a streamlined means for U.S. organizations to comply with Swiss data protection law. This website also provides the information an organization would need to evaluate – and then join – the U.S.-Swiss Safe Harbor program.

Eligibility for Self-Certification:
Only U.S. organizations subject to the jurisdiction of the Federal Trade Commission (FTC) or U.S. air carriers and ticket agents subject to the jurisdiction of the Department of Transportation (DOT) may participate in the Safe Harbor.  Organizations generally not subject to FTC jurisdiction include certain financial institutions, (such as banks, investment houses, credit unions, and savings & loan institutions), telecommunication common carriers, labor associations, non-profit organizations, agricultural co-operatives, and meat processing facilities.  In addition, the FTC’s jurisdiction with regard to insurance activities is limited to certain circumstances.  If you are uncertain as to whether your organization falls under the jurisdiction of either the FTC or DOT, as certain exceptions to general ineligibility do exist, be sure to contact those agencies for more information.

Advisory:
On October 6, 2015, the European Court of Justice issued a judgment declaring as “invalid” the European Commission’s Decision 2000/520/EC of 26 July 2000 “on the adequacy of the protection provided by the safe harbour privacy principles and related frequently asked questions issued by the US Department of Commerce.”

In the current rapidly changing environment, the Department of Commerce will continue to administer the Safe Harbor program, including processing submissions for self-certification to the Safe Harbor Framework.  If you have questions, please contact the European Commission, the appropriate European national data protection authority, or legal counsel.

Please click here for information regarding the EU-U.S. Privacy Shield, including a statement by Secretary Pritzker and a factsheet.

Introduction:
The European Commission’s Directive on Data Protection went into effect in October of 1998, and would prohibit the transfer of personal data to non-European Union countries that do not meet the European Union (EU) “adequacy” standard for privacy protection. While the United States and the EU share the goal of enhancing privacy protection for their citizens, the United States takes a different approach to privacy from that taken by the EU.

In order to bridge these differences in approach and provide a streamlined means for U.S. organizations to comply with the Directive, the U.S. Department of Commerce in consultation with the European Commission developed a "Safe Harbor" framework and this website to provide the information an organization would need to evaluate – and then join – the U.S.-EU Safe Harbor program.

The U.S. Department of Commerce in consultation with the Federal Data Protection and Information Commissioner of Switzerland developed a separate "Safe Harbor" framework to bridge the differences between the two countries’ approaches to privacy and provide a streamlined means for U.S. organizations to comply with Swiss data protection law. This website also provides the information an organization would need to evaluate – and then join – the U.S.-Swiss Safe Harbor program.

Eligibility for Self-Certification:
Only U.S. organizations subject to the jurisdiction of the Federal Trade Commission (FTC) or U.S. air carriers and ticket agents subject to the jurisdiction of the Department of Transportation (DOT) may participate in the Safe Harbor.  Organizations generally not subject to FTC jurisdiction include certain financial institutions, (such as banks, investment houses, credit unions, and savings & loan institutions), telecommunication common carriers, labor associations, non-profit organizations, agricultural co-operatives, and meat processing facilities.  In addition, the FTC’s jurisdiction with regard to insurance activities is limited to certain circumstances.  If you are uncertain as to whether your organization falls under the jurisdiction of either the FTC or DOT, as certain exceptions to general ineligibility do exist, be sure to contact those agencies for more information.

Prepared by the International Trade Administration. With its network of 108 offices across the United States and in more than 75 countries, the International Trade Administration of the U.S. Department of Commerce utilizes its global presence and international marketing expertise to help U.S. companies sell their products and services worldwide. Locate the trade specialist in the U.S. nearest you by visiting http://export.gov/usoffices.



Legal Conditions Safe Harbor