Galexia

The US Safe Harbor - Fact or Fiction? (2008)

6.1. Recommendations for the EU

The EU is a significant stakeholder in the operation of the Safe Harbor – it is the personal information of European citizens that is ultimately at risk. The EU should take a more ‘hands-on’ approach to ensuring that the Safe Harbor is providing basic privacy protection:

  • The EU should consider re-negotiating the Safe Harbor arrangement so that all member privacy policies are made available on a public website, or posted on the Department of Commerce website, as a minimum entry requirement to the Safe Harbor;
  • The EU should consider re-negotiating the Safe Harbor arrangement so that Safe Harbor members are required to select dispute resolution providers that are affordable for ordinary consumers;
  • The EU should consider providing warnings to EU consumers and businesses regarding public claims that an organisation is a member of the Safe Harbor. EU consumers and businesses will need to check the actual membership in order to avoid false claims (currently 206 organisations). This warning will need to instruct EU consumers and businesses to check the certification dates, as the Department of Commerce record of currency is not accurate; and
  • The EU should consider undertaking a comprehensive review of all entries on the Safe Harbor list. This could include collecting each privacy policy and assessing it against all seven EU Safe Harbor principles.