EU Gives U.S. Safe Harbor Another Chance
The EU Commission has reviewed the working of the U.S. Safe Harbor programme on transfers of personal data from the European Economic Area to the U.S., and says that it will wait until summer 2014 to see whether it will suspend, modify or even revoke its Safe Harbor decision based on the progress that the U.S. has made by then. Data Protection Authorities in the EU as well as the Commission have had concerns over the scheme due to lack of enforcement, general formulation of the principles and the high reliance on self-certification. Since 2009, the U.S. Federal Trade Commission has brought 10 enforcement actions against companies based on Safe Harbor violations. Most worryingly, there have been false claims of Safe Harbor adherence. The Commission says that about 10% of companies claiming membership in the Safe Harbor are not listed by the U.S. Department of Commerce as current members of the scheme. The Department of Commerce says that it has now started to contact Safe Harbor participants one month prior to their certification renewal date to alert them. It has also made it mandatory for Safe Harbor participants to make their privacy policy readily available on their public website.Self-certified companies should publish privacy conditions of any contracts they conclude with subcontractors and any false claims should continue to be investigated.