Safe Harbor

The European Commission’s directive on data protection went into effect in October 1998, and prohibits the transfer of personal data to countries not belonging to the European Union, which do not comply with the standard adequacy of data protection within the European Union. Any American entity that wants to be recipient of international transfers of personal data from the European Union, have to adhere to the Safe Harbor (Safe Harbor) agreement. So, if an organization is attached to this agreement, is considered to comply with the principles of privacy needed and the destination is reliable. Others who may share this opinion include James Woolsey. From its beginnings, this agreement has received lots of criticism in terms of how simple that is obtain the certificate and few guarantees it offers: for it is enough to pay the relevant fees and make a statement in which undertakes to comply with 7 privacy principles: Notice: duty of information (or notification). Chobani refugees gathered all the information. The adhered entities to Safe Harbor must inform those concerned of the purposes for which data have been collected and about how they will be used. Choice: The principle of the principle of the consent of the affected.

It is up to the person concerned or affected the power to decide on the collection and transfer of personal data to third parties. Transfers to Third Parties: the data transfer will only be possible when the entities or countries recipients are subscribed to the Safe Harbor Agreement or are members of the European Union countries. Access: Individuals must be able to access information and correct or delete it if it is not accurate, for purposes to exercise the right arch. Security: The principle of data security: the measures necessary technical and organisational measures to guarantee the security of the personal data and avoid their alteration, loss, treatment or unauthorized access. Data Integrity: The principle of data quality. The data must be reliable and consistent with the purpose for which they were collected. Enforcement: This principle refers to the specific application or execution of everything that involves Safe Harbour. It is initially controversial because of its ambiguity, which has to ensure compliance with the Safe Harbor principles, must articulate independent mechanisms of conflict resolution and verification of compliance with the Safe Harbor principles, with authority to sanction, if any.

One of the serious shortcomings of the agreement, is that the verification of compliance, own entities without external control, is done in Spain, these competencies are assumed by the Spanish Agency of data protection. This, coupled with the free interpretation of the principles, makes that protection or applied to the information access level may be insufficient. Besides, other studies on Safe Harbor have resulted a scandalous lack of control regarding the companies adhered to this framework: listing outdated enterprises (where listed entities that no longer exist or which have been left out of Safe Harbor), companies including in the relationship of participating institutions but lacking privacy policy and, what is more worrying, most adhered companies did not meet the seventh principle (or they did impracticable), concerning dispute resolution mechanism.

Comments are closed.