The U.S.-E.U. Safe Harbor Framework The U.S.-E.U. Safe Harbor Framework New Developments in Data Flows, Standards, & Compliance Damon Greer U.S. Department.

Slides:



Advertisements
Similar presentations
Damon Greer Safe Harbor Program October 15, 2007
Advertisements

EU Privacy Directive. What is a directive? A piece of European legislation, passed by bureaucrats, addressed to member states Member states must ensure.
Transborder Data Flows & Privacy Contractual clauses in the practice Tanguy Van Overstraeten Washington DC October 16, 2007.
1 Agencia Española de Protección de Datos AUDITING AND ENFORCEMENT AT THE SPANISH DPA. EXPERIENCE WITH OUTSOURCING TO COUNTRIES WITH A NON ADEQUATE LEVEL.
1 Enforcement Powers of National Data Protection Authorities and Experience gained of the Data Protection Directive Safe Harbour Conference Washington.
29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL DATA PROTECTION AND PRIVACY COMMISSIONERS.
29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY.
29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY.
Slide 1 Whois Workshop, ICANN Montreal Meeting Topic, June 2003 Privacy and Data protection consideration of the Whois directories discussion Diana ALONSO.
Sarah Branam Mehmet MunurDino Tsibouris
The Geopolitics of Personal Data and the Governance of Privacy Colin J. Bennett Department of Political Science University of Victoria BC, Canada
CONFIDENTIAL1 TRUSTe Certification & APEC FTC Workshop on Enforceable Codes of Conduct Panel on APEC’s CBPR System November 29, 2012.
1 PRIVACY ISSUES IN THE U.S. – CANADA CROSS BORDER BUSINESS CONTEXT Presented by: Anneli LeGault ACC Greater New York Chapter Compliance Seminar May 19,
Managing Personal Information - Australian Companies Outsourcing to India and the Philippines Professor Margaret Jackson and Marita Shelly.
The role of the Office of the Privacy Commissioner in telecommunications Andrew Solomon Director, Policy.
A European View of Privacy Protection John Woulds Director of Operations UK Data Protection Commissioner National Conference on Privacy, Technology & Criminal.
Per Anders Eriksson
High Technology Cooperation Group: Data Privacy The Indo-U.S. High Technology Cooperation Group November 18, Privacy and Cyber Security:
Transborder dataflows Flow of information across national borders Much of this data involves personal information.
Anomalous Aspects of Transfer of Personal Data from the E.U. to the U.S. Stephen R. Bell Willkie Farr & Gallagher ABA Section of International Law New.
Data Protection: International. Data Protection: a Human Right Part of Right to Personal Privacy Personal Privacy : necessary in a Democratic Society.
Kirkpatrick & Lockhart LLP Attorneys At Law Boston, Dallas, Harrisburg, Los Angeles, Miami, New York, Newark, Pittsburgh, San Francisco, Washington,
Class 13 Internet Privacy Law European Privacy.
THE CHOICES WE MAKE THAT MATTER – International Data Privacy/Protection JILL L. UREY, ASSISTANT GENERAL COUNSEL MID-ATLANTIC CIO FORUM NOVEMBER 20, 2014.
WORLD MEETING OF CUSTOMS LAW BRUSSELS , September “ Studies on Harmonization of Customs Law and Contributions of the Academy for updating and.
© Obelis s.a CODE OF CONDUCT of Authorised Representative services under the Council Directive 93/42/EEC, Directive 98/79/EC and Council Directive.
Privacy Codes of Conduct as a self- regulatory approach to cope with restrictions on transborder data flow Dr. Anja Miedbrodt Exemplified with the help.
Principles of good practice Jana Kunická Community Philanthropy Initiative Coordinator European Foundation Centre.
Building User Trust Online Sarah Andrews International Conference on the Legal Aspects of an E-Commerce Transaction The Hague October 2004.
Using Safe Harbor to Develop an Integrated, Global Assessment Approach August 20, 2008.
1 SAFE HARBOR FRAMEWORK Barbara S. Wellbery Morrison & Foerster LLP 2000 Pennsylvania Avenue Washington, DC /
IRSDA Conference What Do the Amendments to Indiana Code Section Mean to You? Kristina Kern Wheeler, General Counsel Ja-Deen L. Johnson, Consumer.
Phare SL Implementation of Technical Regulations on Company Level Top Management Seminar Expert: Willem Wolf Chamber of Commerce and Industry,
Data Protection Privacy in the Digital Age: the UN General Assembly Resolution Sophie Kwasny, 16 October th International Conference, Mauritius.
The European influence on privacy law and practice Nigel Waters, Pacific Privacy Consulting International Dimension of E-commerce and Cyberspace Regulation.
Data Protection Compliance Professor Ian Walden Institute of Computer and Communications Law, Centre for Commercial Law Studies, Queen Mary, University.
IBT - Electronic Commerce Privacy Concerns Victor H. Bouganim WCL, American University.
European Data Protection Supervisor Pharmaceutical Regulatory & Compliance Congress, Brussels, 7 June 2007 European Privacy and Data Protection Policy.
INTERNATIONAL E-DISCOVERY: WHEN CULTURES COLLIDE Alvin F. Lindsay Hogan & Hartson LLP.
Forum INFOBALT 2002 Vilnius, October 21, 2002 Current ICC Initiatives Relating to Data Protection Christopher Kuner Hunton & Williams, Brussels Vice-Chair,
©2012 Morrison & Foerster (UK) LLP | All Rights Reserved | mofo.com Data Protection Masterclass: The New Draft EU Data Protection Regulation 19 September.
Data protection and European citizens’ initiatives
1 Copyright © International Security, Trust & Privacy Alliance -All Rights Reserved Making Privacy Operational International Security, Trust.
European Labour Law Institutions and their Competencies JUDr. Jana Komendová, Ph.D.
Dino Tsibouris & Mehmet Munur Privacy and Information Security Laws and Updates.
DR ANDREA MULLIGAN BARRISTER-AT-LAW LLB, LLM(HARV.), PH.D Safe Harbor and Schrems v DPC.
1 Agencia Española de Protección de Datos The Use of Contracts and BCRs to Transfer Personal Data The European Union – United States Safe Harbor framework:
1 TAIEX JHA Workshop on data protection and cloud computing Data transfers to third countries and standard contractual clauses Skopje, 29 May 2014.
1 M O N T E N E G R O Negotiating Team for the Accession of Montenegro to the European Union Working Group for Chapter 9 – Financial Services Bilateral.
V Global Forum on Fighting Corruption and Safeguarding Integrity – South Africa Trade and Customs Partnership to fight against corruption and safeguard.
© International Training Centre of the ILO International Labour Standards and the ILO Supervisory System: tools to defend workers’ rights Geneva,
Data Protection – the Lisbon Effect Billy Hawkes Data Protection Commissioner Institute of International and European Affairs Dublin, 17 September 2009.
ANRE The Regulator’s role with Small and Large Consumers - Romania Lusine Caracasian Head of Public Relations&Cooperation Office
M O N T E N E G R O Negotiating Team for the Accession of Montenegro to the European Union Working Group for Chapter 28 – Consumer and Health Protection.
Privacy and Data Security in an Increasingly Globalized World
Privacy in the Digital Age: the UN General Assembly Resolution
Data Protection Officer’s Overview of the GDPR
THE NEW GENERAL DATA PROTECTION REGULATION: A EUROPEAN OR A GLOBAL STANDARD? Bart van der Sloot Senior Researcher Tilburg Institute for Law, Technology,
Data Protection: EU & International
GDPR Readiness Project
Information Governance and Data Privacy: A World of Risk
Bob Siegel President Privacy Ref, Inc.
Employee Privacy and Privacy of Employee Information
activistpost Being connected to the largest information.
„Trade union strategies on the use of ILS in labour law reforms”
Data transfers to non-EU countries under the new GDPR
The activity of Art. 29. Working Party György Halmos
SOCIAL DIALOGUE WITHIN EUPAN
Is Data Protection a Fundamental Right Protecting the Individual?
SOCIAL DIALOGUE WITHIN THE SCOPE OF EUPAN
Presentation transcript:

The U.S.-E.U. Safe Harbor Framework The U.S.-E.U. Safe Harbor Framework New Developments in Data Flows, Standards, & Compliance Damon Greer U.S. Department of Commerce August 19, 2008

2 Safe Harbor Review  How We Got Here  European Union’s Data Protection Directive (95/46/EC) in force 1998; Member States implement national data protection laws;  U.S. does not meet EU’s adequacy requirement; U.S. Dept. of Commerce and European Commission negotiate compromise: U.S.- EU Safe Harbor Framework; in force November 1, 2000;  Nearly 1,600 U.S. organizations certified to Safe Harbor; 240 in first six months 2008 (45 in July)

3 Adequacy via the Safe Harbor  Safe Harbor certification is voluntary representation to European business partners and European citizens that U.S. companies will comply with the Safe Harbor Framework;  Eligibility limited to entities who fall under jurisdiction of the FTC and DOT – financial services sector, insurance, telecommunications common carriers, non-profits and meat processing enterprises not eligible ;  Nearly 1,600 U.S. organizations, including multinationals and SMEs are certified; valid for one year and commitment must be reaffirmed annually

4 The Safe Harbor Framework 7 Privacy Principles7 Privacy Principles 15 Frequently Asked Questions15 Frequently Asked Questions EU’s Adequacy DeterminationEU’s Adequacy Determination Letters Between DoC & ECLetters Between DoC & EC Letters Between FTC, DOT, and ECLetters Between FTC, DOT, and EC

5 Compliance & Enforcement  In general, enforcement takes place in the U.S. in accordance with U.S. law (Section 5 Authority under FTC Act);  Private Sector Enforcement which has 3 elements: verification, dispute resolution, and remedies;  Human Resources* – Special Case: Must use EU data protection authorities for dispute resolution & follow national data protection laws with regard to HR; know about works councils

6 Compliance & Enforcement  U.S. culture of customer service is highly effective in addressing customer complaints/concerns, perhaps more than comprehensive legislation;  Independent recourse mechanisms are required to notify DoC of a company’s failure to comply with the Safe Harbor principles, and FTC has authority to take action.  No referrals or complaints filed with the EU DPAs; TRUSTe, BBB, DMA, and others report internal complaints resolved.

7 The Article 26 Derogations The Article 26 Derogations  Joining Safe Harbor is not the only means of meeting the EU Directive’s requirements  Choices include:  “Unambiguous” consent of the data subject  Necessary to perform contract  Codes of Conduct  Standard Contractual Clauses  Direct compliance/registration with EU Authorities

8 Developments in Data Protection/Privacy  ISO’s Joint Technical Committee Work on Global Privacy Standard (4 th Working Draft);  ISO’s JTC-1 SC 27 Proposes “Study Period” to examine forensic processes’ standardization for digital evidence;  International Conference of Data Protection & Privacy Commissioners serves as liaison to ISO privacy standards development;  Standards Council of Canada convinces ISO/TMB to study creation of Technical Committee for Privacy – June 2008

9 Developments in Data Protection/Privacy cont’d  EC’s DG for Information Society & Media proposes draft privacy rules for RFID technologies;  Article 29 Working Party’s 2008 Work Program includes standards development, e-discovery, review of regulatory framework for ecom- munications within EU, search engines and new technologies with privacy implications;  Since autumn 2007, rising concern in the EU over the use of e-discovery for massive data transfers to U.S. either in anticipation of litigation or as a result of ongoing civil court action.

10 Transatlantic Engagement  Continued dialogue with the European Commission; Conference on International Transfers of Personal Data, Brussels, October 2006; October 2007 in Washington, DC;  Workshop on International Transfers of Data, October 21, 2008, Centre de Conferences Albert Borschette (CCAB), Rue Froissart 36, B-1049 Brussels, Belgium  Increased Emphasis by Industry on Harmonizing Approval Process for Binding Corporate Rules; push by Art. 29 WP Chair has resulted in new BCR documents

11 We Self-Certify Compliance with: Safe Harbor Certification Mark

12 For additional information or questions Damon C. Greer U.S. Department of Commerce Telephone: (202) Fax: (202)

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.