
The U.S.-E.U. Safe Harbor Framework New Developments in Data Flows, Standards, & Compliance

The U.S.-E.U. Safe Harbor Framework New Developments in Data Flows, Standards, & Compliance. Damon Greer, U.S. Department of Commerce, August 19, 2008. Safe Harbor Review: How We Got Here.


Presentation Transcript


  1. The U.S.-E.U. Safe Harbor Framework New Developments in Data Flows, Standards, & Compliance
     Damon Greer, U.S. Department of Commerce, August 19, 2008

  2. Safe Harbor Review: How We Got Here
     • European Union’s Data Protection Directive (95/46/EC) in force 1998; Member States implement national data protection laws;
     • U.S. does not meet EU’s adequacy requirement; U.S. Dept. of Commerce and European Commission negotiate compromise: U.S.-EU Safe Harbor Framework; in force November 1, 2000;
     • Nearly 1,600 U.S. organizations certified to Safe Harbor; 240 in first six months 2008 (45 in July)

  3. Adequacy via the Safe Harbor
     • Safe Harbor certification is voluntary representation to European business partners and European citizens that U.S. companies will comply with the Safe Harbor Framework;
     • Eligibility limited to entities who fall under jurisdiction of the FTC and DOT – financial services sector, insurance, telecommunications common carriers, non-profits and meat processing enterprises not eligible;
     • Nearly 1,600 U.S. organizations, including multinationals and SMEs are certified; valid for one year and commitment must be reaffirmed annually

  4. The Safe Harbor Framework
     • 7 Privacy Principles
     • 15 Frequently Asked Questions
     • EU’s Adequacy Determination
     • Letters Between DoC & EC
     • Letters Between FTC, DOT, and EC
     • http://export.gov/safeharbor/

  5. Compliance & Enforcement
     • In general, enforcement takes place in the U.S. in accordance with U.S. law (Section 5 Authority under FTC Act);
     • Private Sector Enforcement which has 3 elements: verification, dispute resolution, and remedies;
     • Human Resources* – Special Case: Must use EU data protection authorities for dispute resolution & follow national data protection laws with regard to HR; know about works councils

  6. Compliance & Enforcement
     • U.S. culture of customer service is highly effective in addressing customer complaints/concerns, perhaps more than comprehensive legislation;
     • Independent recourse mechanisms are required to notify DoC of a company’s failure to comply with the Safe Harbor principles, and FTC has authority to take action.
     • No referrals or complaints filed with the EU DPAs; TRUSTe, BBB, DMA, and others report internal complaints resolved.

  7. The Article 26 Derogations
     • Joining Safe Harbor is not the only means of meeting the EU Directive’s requirements
     • Choices include:
       • “Unambiguous” consent of the data subject
       • Necessary to perform contract
       • Codes of Conduct
       • Standard Contractual Clauses
       • Direct compliance/registration with EU Authorities
     http://ec.europa.eu/justice_home/fsj/privacy/index_en.htm

  8. Developments in Data Protection/Privacy
     • ISO’s Joint Technical Committee Work on Global Privacy Standard (4th Working Draft);
     • ISO’s JTC-1 SC 27 Proposes “Study Period” to examine forensic processes’ standardization for digital evidence;
     • International Conference of Data Protection & Privacy Commissioners serves as liaison to ISO privacy standards development;
     • Standards Council of Canada convinces ISO/TMB to study creation of Technical Committee for Privacy – June 2008

  9. Developments in Data Protection/Privacy cont’d
     • EC’s DG for Information Society & Media proposes draft privacy rules for RFID technologies;
     • Article 29 Working Party’s 2008 Work Program includes standards development, e-discovery, review of regulatory framework for ecommunications within EU, search engines and new technologies with privacy implications;
     • Since autumn 2007, rising concern in the EU over the use of e-discovery for massive data transfers to U.S. either in anticipation of litigation or as a result of ongoing civil court action.

  10. Transatlantic Engagement
     • Continued dialogue with the European Commission; Conference on International Transfers of Personal Data, Brussels, October 2006; October 2007 in Washington, DC;
     • Workshop on International Transfers of Data, October 21, 2008, Centre de Conferences Albert Borschette (CCAB), Rue Froissart 36, B-1049 Brussels, Belgium
     • Increased Emphasis by Industry on Harmonizing Approval Process for Binding Corporate Rules; push by Art. 29 WP Chair has resulted in new BCR documents

  11. We Self-Certify Compliance with: Safe Harbor Certification Mark

  12. For additional information or questions
     Damon C. Greer, U.S. Department of Commerce
     Telephone: (202) 482-5023
     Fax: (202) 482-5522
     Email: damon.greer@mail.doc.gov
     http://export.gov/safeharbor/
