From 1st November 2000, companies have been able to sign up to what
is known as the Safe Harbor scheme which provides for the transfer
of personal data from Europe to the US in compliance with EU data
protection laws. However, very few have done so in the intervening
month.
The transfer of data outside the UK or other EU countries is
limited by data protection legislation to prevent transfers to
countries without adequate data protection laws. The US has no
equivalent legislation, instead relying on a self-regulatory
system. Under the safe harbor, US companies can voluntarily adhere
to a set of data protection principles to meet the requirements of
the EU as regards transfers of data to the US.
Five businesses have to date signed up to the safe harbor. Two
of these, Privacy Leaders and TRUSTe are involved in the provision
of privacy services. The remaining three are Dun & Bradstreet,
which provides company information, HealthMedia, which sells a
product to help smokers kick the habit, and Adar International,
which contacts creditors of bankrupt estates.
Dun & Bradstreet said that its biggest motivation for
joining the safe harbor was that it already complies with the EU’s
privacy rules. According to reports, most US companies have adopted
a “wait and see” approach. There is still uncertainty over
compliance costs, enforcement issues and a reluctance to act as a
test-case.
