FPF Applauds Department of Commerce For Safe Harbor Website Revision

FPF Applauds Department of Commerce For Safe Harbor Website Revision

The Department of Commerce has long listed companies’ participation in the US-EU Safe Harbor program in the Safe Harbor List. Within that list, a significant number of companies are marked with the designation “not current.” As FPF wrote in its paper discussing the Safe Harbor, a company can be listed as “not current” for a number of reasons: they may have failed to fill out specific yearly paperwork, chosen to use other approved data transfer mechanisms, merged with another company, ceased data transfer with the EU, or shut down altogether. However, critics of the Safe Harbor say many companies are claiming to be members while in fact they are not adhering to the Safe Harbor agreement.

FPF noted that a company’s obligations under the Safe Harbor do not end even if the company is listed as non-current: rather, they remain responsible for adhering to the Safe Harbor Principles with respect to all the data they transferred while enjoying the benefits of Safe Harbor membership.  When the European Commission recommended that “[t]he Department of Commerce should clearly indicate on its website all companies which are not current members.” FPF agreed and suggested that the Department of Commerce should also include on its website an explanation why a company may be listed as “not current” in order to clear up any potential confusion.

FPF is pleased that the Department of Commerce’s Safe Harbor website was updated in late 2013 with a new notice that makes clear that companies may be listed as non-current for a number of reasons, but are nonetheless subject to FTC enforcement for claiming to be members without adhering to the Safe Harbor Principles. The new notice reads:

“Notice: An organization may be designated as “Not Current” for a variety of reasons. The most common reason is that the organization has failed to reaffirm its adherence to the Safe Harbor Privacy Principles on an annual basis as required by the Safe Harbor Frameworks. Another possible reason is that the organization has failed to comply with one or more of the Safe Harbor Privacy Principles. Organizations designated as “Not Current” are no longer assured of the benefits of the Safe Harbor (i.e., the presumption of “adequacy”). These organizations nevertheless must continue to apply the Safe Harbor Privacy Principles to the personal data received during the period in which they were assured of the benefits of the Safe Harbor for as long as they store, use or disclose those data. Any misrepresentation by an organization designated as “Not Current” concerning its adherence to the Safe Harbor Privacy Principles may be actionable by the Federal Trade Commission or other relevant government body.”

FPF applauds the Department of Commerce for these revisions. We will continue to monitor developments relating to the US-EU Safe Harbor Agreement as they arise.

Leave a Reply


Privacy Calendar

Oct
7
Tue
Measuring Student Engagement in ...
Measuring Student Engagement in ...
Oct 7 @ 8:00 am – 9:00 am
Technology has brought promising advances to the classroom and it is here to stay. But how can you be sure that using electronic devices and implementing blended learning programs is going to help your students[...]
Oct
11
Sat
City by Numbers: Big Data and th... @ Pratt Institute
City by Numbers: Big Data and th... @ Pratt Institute
Oct 11 @ 9:30 am – 6:00 pm
Big Data—the exponential growth and availability of information—is one of the defining phenomena of our time. It affects us all on different levels – with far-reaching social, environmental, and governmental significance. To help make sense[...]
Oct
21
Tue
Consumer Action’s 43rd Annual Aw... @ Google
Consumer Action’s 43rd Annual Aw... @ Google
Oct 21 @ 6:00 pm – Oct 21 @ 8:00 pm
To mark its 43rd anniversary, Consumer Action’s Annual Awards Reception on October 21, 2014, will celebrate the theme of “Train the Trainer.” Through the power of individual and small group trainings, Consumer Action each year is[...]
Oct
29
Wed
Big Data and Privacy: Navigating... @ Schulze Hall
Big Data and Privacy: Navigating... @ Schulze Hall
Oct 29 @ 4:00 pm – 7:00 pm
The rapid emergence of “big data” has created many benefits and risks for businesses today. As data is collected, stored, analyzed, and deployed for various business purposes, it is particularly important to develop responsible data[...]
Jan
28
Wed
all-day Data Privacy Day
Data Privacy Day
Jan 28 all-day
“Data Privacy Day began in the United States and Canada in January 2008, as an extension of the Data Protection Day celebration in Europe. The Day commemorates the 1981 signing of Convention 108, the first[...]
Jan
28
Thu
all-day Data Privacy Day
Data Privacy Day
Jan 28 all-day
“Data Privacy Day began in the United States and Canada in January 2008, as an extension of the Data Protection Day celebration in Europe. The Day commemorates the 1981 signing of Convention 108, the first[...]

View Calendar