Privacy Advisor

Safe Harbor Certification Mark

Privacy News

September 1, 2008

U.S. Commerce Department Develops Safe Harbor Certification Mark

By Lisa Sotto and Christopher Kuner


The U.S. Department of Commerce has developed a certification mark to identify companies that are certified under the U.S.-European Union (EU) Safe Harbor Framework. Companies appearing on the Department of Commerce's official Safe Harbor list can display the certification mark on their Web sites for one year and annually thereafter if they renew their Safe Harbor certification. The department has established certain requirements for the use of Safe Harbor certification marks, such as rules regarding the location of the mark on a company's Web site. Failure to comply with the requirements can subject a company to enforcement actions by the Federal Trade Commission (FTC), including actions based on mark infringement and unfair and deceptive trade practices.

Benefits of the Certification Mark

Currently, a consumer can check the Department of Commerce Web site to determine whether a particular company is compliant with the Safe Harbor Framework. A certification mark system will allow participating companies to more simply demonstrate their compliance with Safe Harbor. Upon visiting a company's Web site, European consumers and international business partners will be able to easily determine whether or not the company is Safe Harbor compliant.

U.S.-EU Safe Harbor Framework

In 2000, the Department of Commerce, in cooperation with EU authorities, developed the Safe Harbor Framework which allows compliant companies to receive uninterrupted transfers of personal information from the EU to the United States. The Safe Harbor Framework was developed in response to the EU Data Protection Directive (95/46/EC), which became effective in October 1998. The directive generally bans the transfer of personal data to non-EU countries that are deemed to lack "adequate" levels of privacy protection.

The U.S. is considered not to provide adequate protection for personal data of EU residents. Under the Safe Harbor Framework, however, businesses can certify their compliance with certain privacy principles and be deemed "adequate." This certification allows them to freely transfer personal information from the EU to the United States.

Lisa Sotto and Christopher Kuner are partners at Hunton & Williams. This article was originally published as a Hunton & Williams "Client Alert." www.hunton.com/