Privacy Group: Safe Harbor Certification Does Not Guarantee Compliance
DATA PROTECTION—EU & U.S.May 26, 2010
The Düsseldorfer Kreis, an informal group of Germany's private sector data protection entities, is cautioning that even if U.S. companies are part of the Safe Harbor data protection agreement, European companies should not take their word on compliance with EU privacy requirements. OUT-LAW.com reports that the group instead urges EU firms to conduct their own reviews of U.S. companies certified under Safe Harbor as complying with similar privacy standards to those enforced in the EU. "At the very least, the exporting company must clarify when the Safe Harbor certification of the U.S. company was issued," the Düsseldorfer Kreis recommends, noting that, "Any certification older than seven years old is not valid."