Textbook Key

F: Foundations of Information Privacy and Data Protection

US: U.S. Private-sector Privacy

C: Canadian Privacy

E: European Privacy

G: U.S. Government Privacy

IT: Privacy in Information Technology

M: Privacy Program Management

Find the terms that relate to the program or designation you are studying for by using the tabs below to narrow your search.

Safe Harbor

The European Commission’s (EC) Directive on Data Protection (EC/46/95) prohibits the transfer of personal data to non-European Union nations that do not meet the European “adequacy” standard for privacy protection. While the U.S. and the European Union (EU) share the goal of privacy protection, the U.S. uses a sectoral approach that relies on a mix of legislation, regulation and self-regulation, while the EU relies on comprehensive legislation that requires creation of government data protection agencies, registration of databases with those agencies and, in some instances, approval before personal data processing may begin. As a result of these different privacy approaches, the directive could have significantly hampered the ability of U.S. companies to engage in many trans-Atlantic transactions. In order to bridge these different privacy approaches and provide a streamlined means for U.S. organizations to comply with the directive, the U.S. Department of Commerce and the EC developed a “Safe Harbor” framework. The Safe Harbor—approved by the EU in 2001—is an important way for U.S. companies to avoid interruptions in business dealings with the EU or prosecution by European authorities under European privacy laws. Certifying to the Safe Harbor assures that EU organizations know a non-EU-based company provides adequate privacy protection, as defined by the directive. From a U.S. perspective, Safe Harbor is a self-regulatory regime that is only available to companies subject to the enforcement authority of the U.S. Federal Trade Commission or the U.S. Department of Transportation. Companies that are outside the jurisdiction of these two agencies are not eligible to join Safe Harbor.

Reference(s) in IAPP Certification Textbooks: E178-180