The US-EU Safe Harbor Agreement came into effect on Wednesday.
The Safe Harbor agreement was negotiated to bridge the gap between privacy regulations in the EU and US. The problem was that the EU Data Protection Directive includes a provision that prohibits the transfer of data collected in the EU to countries that do not have comparable privacy protections in place – a group that includes the US. To get around this, the agreement will make individual US businesses responsible for the confidentiality of personal information collected in Europe. This will allow the transfer of European personal data to US companies with policies that meet the relevant standards.
According to existing industry self-regulation body TRUSTe, its new EU Safe Harbor Privacy Seal will certify Safe Harbor compliance and provide an alternative dispute-resolution process. But it is unclear how companies would use this. The US Department of Commerce will maintain the list of companies included, and the Federal Trade Commission will enforce compliance with the agreement. So a company that is included in the Safe Harbor will have no need for a TRUSTe EU Safe Harbor Privacy Seal as an additional proof of its status.
The Safe Harbor agreement is the result of the EU’s preference for government regulation over the industry self-regulation practiced in the US. Industry self-regulation organizations such as TRUSTe would seem to have no real function in the implementation of the agreement – their move looks more like an attempt to capitalize on the goodwill and publicity surrounding the scheme.
