BRUSSELS (07/27/2000) - The European Commission announced Thursday it will recognize the U.S. so-called "safe harbor" principles as representing adequate protection under the European Union's data privacy directive. Similar decisions were also announced for data privacy regimes in Switzerland and Hungary, the Commission said in a statement.
The Commission also announced that it has held discussions with several other non-EU countries, notably Australia, Canada and Japan, and will shortly start the process of determining whether Canada's new privacy law provides "adequate protection."
The safe harbor provision will be "fully up and running by November," the Commission said in the statement.
The EU decision on the safe harbor privacy principles officially puts to rest almost three years of negotiations prompted by EU adoption in 1995 of privacy legislation. The legislation stipulated that personal data from databases maintained in the EU could only be transmitted to countries outside the EU provided those countries respected similar standards of data privacy.
The safe harbor principles require that a company seek explicit agreement from people before transferring their personal data to another company. The principles, like the EU directive, also give people reasonable access to personal data to review and possibly correct it. The principles also require organizations using personal information to "take reasonable precautions to protect it from loss, misuse and unauthorized access, disclosure, alteration and destruction," according to EU documents.
However, adherence to the safe harbor principles in the U.S. is essentially voluntary and self-monitoring, since the principles have not been codified into U.S. law, as has been done in the EU.
Although earlier this year, the Commission reached an agreement with the U.S. that a system based on safe harbor principles did represent adequate levels of privacy, the European Parliament voted otherwise earlier this month, prompting short-lived concern that the agreement might have to be renegotiated. The European Parliament opinion is, however, non-binding, so while agreeing to transmit the Parliament's concerns over data privacy standards to the U.S. administration, the European Commission has decided to approve the safe harbor principles, the source said.
Frits Bolkestein, internal market commissioner, said the decision on safe harbor will make transfers of data for both EU and U.S. businesses simpler and provide a framework within which personal data transferred to the U.S. from Europe will be better protected. He called the decision "a very positive development."
(James Niccolai in London contributed to this report.)