International Safe Harbor Privacy Principles

The International Safe Harbor Privacy Principles or Safe Harbour Privacy Principles were principles developed between 1998 and 2000 in order to prevent private organizations within the European Union or United States which store customer data from accidentally disclosing or losing personal information. They were overturned on October 6, 2015, by the European Court of Justice (ECJ), which enabled some US companies to comply with privacy laws protecting European Union and Swiss citizens.^[1] US companies storing customer data could self-certify that they adhered to 7 principles, to comply with the EU Data Protection Directive and with Swiss requirements. The US Department of Commerce developed privacy frameworks in conjunction with both the European Union and the Federal Data Protection and Information Commissioner of Switzerland.^[2]

Within the context of a series of decisions on the adequacy of the protection of personal data transferred to other countries,^[3] the European Commission made a decision in 2000 that the United States' principles did comply with the EU Directive^[4] – the so-called Safe Harbor decision.^[5] However, after a customer complained that his Facebook data were insufficiently protected, the ECJ declared in October 2015 that the Safe Harbor decision was invalid, leading to further talks being held by the commission with the US authorities towards "a renewed and sound framework for transatlantic data flows".^[6]

The European Commission and the United States agreed to establish a new framework for transatlantic data flows on 2 February 2016, known as the "EU–US Privacy Shield",^[7] which was closely followed by the Swiss-US Privacy Shield Framework.

^ Cite error: The named reference inval was invoked but never defined (see the help page).
^ Welcome to the U.S.-Swiss Safe Harbor accessed 1 November 2015
^ Commission decisions on the adequacy of the protection of personal data in third countries accessed 1 November 2015
^ 2000/520/EC: Commission Decision of 26 July 2000 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequacy of the protection provided by the safe harbour privacy principles and related frequently asked questions issued by the US Department of Commerce (notified under document number C(2000) 2441), accessed 1 November 2015
^ statement of the Data Protection Working Party on the EU US Privacy Shield, additional text.
^ Vera Jourova, "Commissioner Jourová's remarks on Safe Harbour EU Court of Justice judgement before the Committee on Civil Liberties, Justice and Home Affairs (LIBE)", 26 October 2015
^ The new transatlantic data “Privacy Shield”, accessed 25 February 2016

[inval-1] Cite error: The named reference inval was invoked but never defined (see the help page).

[2] Welcome to the U.S.-Swiss Safe Harbor accessed 1 November 2015

[3] Commission decisions on the adequacy of the protection of personal data in third countries accessed 1 November 2015

[4] 2000/520/EC: Commission Decision of 26 July 2000 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequacy of the protection provided by the safe harbour privacy principles and related frequently asked questions issued by the US Department of Commerce (notified under document number C(2000) 2441), accessed 1 November 2015

[5] statement of the Data Protection Working Party on the EU US Privacy Shield, additional text.

[6] Vera Jourova, "Commissioner Jourová's remarks on Safe Harbour EU Court of Justice judgement before the Committee on Civil Liberties, Justice and Home Affairs (LIBE)", 26 October 2015

[7] The new transatlantic data “Privacy Shield”, accessed 25 February 2016

[1]

[2]

[3]

[4]

[5]

[6]

[7]