International Safe Harbor Privacy Principles
Safe Harbor (English " Safe Harbor ") is a European Commission decision, which enables European companies to legally transfer personal data in the United States. There is furthermore a similar agreement with Switzerland. Regular ( also Safe Harbor Pact) is spoken by the Safe Harbor Agreement, as this approach was agreed with the United States. It is at Safe Harbor but to no international treaty, but merely a European Commission decision. Directive 95/46/EC ( Data Protection Directive) prohibits in principle to transfer personal data from EU Member States in states that have comparable level of data protection does not have EU law. This applies to the United States, because they know no comprehensive legal rules which comply with EU standards.
In order for the data traffic between the U.S., EU and Switzerland does not come to a standstill, a special procedure was developed between 1998 and 2000. U.S. companies can join the Safe Harbor and be registered on the appropriate list of the U.S. Department of Commerce, if they commit to the Safe Harbor Principles ( English for " Safe Harbor Principles " ) and the related - binding - Frequently Asked Questions ( FAQ ) must be observed. In 2000, the EU has recognized in a decision that adequate protection exists at the companies that have joined the Safe Harbor system.
So far have joined the Safe Harbor Agreement, including IBM, Microsoft, General Motors, Amazon.com, Google, Hewlett -Packard, Dropbox and Facebook over a thousand companies.
Safe Harbor and Switzerland
Together with the Swiss State Secretariat for Economic Affairs ( SECO), the Swiss Federal Data Protection and Information Commissioner (FDPIC ) and the United States a set of rules was drawn up for Switzerland, which ensures an adequate level of data protection for including certified companies.
With the " US-Swiss Safe Harbor Framework " was created with the United States a foundation that facilitates data transfer with Switzerland and the U.S. companies.
German regulators and Safe Harbor
The Düsseldorf district, the Board at the Conference of Data Protection Commissioners of the Federation and the Länder, has stated in April 2010 that data exporters should not rely on the claim of Safe Harbor Certification of U.S. companies in Germany. The supervisory authorities represented in the Düsseldorf district require that the exporting company can demonstrate to the Safe Harbor certification and compliance with the Safe Harbor principles.
This includes after the supervisory authorities consider that the data exporters in any case make the following minimum tests:
Data exporters in Germany must document these minimum testing and demonstrate to demand the supervisory authorities.
Criticism
Since under the U.S. Patriot Act U.S. security agencies may access must be granted to the data stored in U.S. Clouds without notifying the data owner, the Safe Harbor framework is coming increasingly under critique and in the opinion of the Independent Centre for Privacy Protection in Schleswig -Holstein " not worth the paper on which it is written ."
Review by PRISM
After uncovering the PRISM revealed the German data protection authorities have asked on 24 July 2013, the German Federal Government and the European Commission to review the Safe Harbor system and announced that they are until further no data export to the U.S. under the Safe Harbor permit system.
A day later, on July 25, 2013, it was announced that two complaints against Apple and Facebook have not been edited before the Irish data protection authority. The Irish Data Protection Authority found that PRISM has changed nothing about the validity of Safe Harbor and only the affiliation of the recipient undertaking would be sufficient to the Safe Harbor list, so that the data export is legal in the United States. In addition, the Authority noted that the EU had " foreseen and regulated " in 2000 using data as for PRISM year.
The EU has already previously announced on July 19, 2013 review by the end of 2013. Commenting on the decision of the Data Protection Authority in Ireland, the EU Commission stated: "In light of the publications around PRISM, it seems that the data protection requirements do not comply with the" Safe Harbour' Agreement with the European standards. "
The EU Justice Commissioner Viviane Reding announced on 6 September 2013 reform of EU data protection to which enterprises have to reckon " with penalties of up to two percent of annual turnover worldwide " when " about illegal transmit data."
With 544 votes in favor, 78 votes against and 60 abstentions, the EU members of the European Parliament voted in March 2014 for a stay of the Safe Harbor Agreement for the transmission of commercial data in the United States.