<%@LANGUAGE="VBSCRIPT" CODEPAGE="65001"%> <% ' Loads a file and executes it as an ASP file. ' Needed to perform dynamic execution of BSP/FUSE ' and can be useful down the road Function GetFileContentsForExecution(aspFileFragmentPath) Dim oFSO, sContents 'Obtain a reference to the FileSystemObject Set oFSO = Server.CreateObject("Scripting.FileSystemObject") 'Obtain the file contents sContents = oFSO.OpenTextFile(Request.ServerVariables("APPL_PHYSICAL_PATH") & aspFileFragmentPath).ReadAll Set oFSO = Nothing 'reference to the FileSystemObject 'Remove the ASP scripting tags sContents = Replace (sContents, "<" & "%", "") sContents = Replace (sContents, "%" & ">", "") GetFileContentsForExecution = sContents End Function ' Grabs the node value of the responseXML returned ' by the CSWP_DOC_INFO service. This is used to ' display metadata on the confirmation page. Function GetXmlNodeValue(objXmlRowNode, strNodeName) Dim objXmlNode, objXmlNodeValue Set objXmlNode = objXmlRowNode.selectSingleNode("@" & strNodeName) If (objXmlNode Is Nothing) Then Set objXmlNode = objXmlRowNode.selectSingleNode("idc:field[@name='" & strNodeName & "']") End If If (Not (objXmlNode Is Nothing)) Then GetXmlNodeValue = objXmlNode.Text End If End Function %> <%dim instanceName%> <%dim serverAddr%> <%dim visitorIP%> <%dim displayAllBSP%> <%dim fuseType%> <%dim cswpProgram%> <%instanceName = "build"%> <%serverAddr = "https://build.export.gov/build/idcplg"%> <%visitorIP = Request.ServerVariables("REMOTE_ADDR")%>

Safe Harbor-Related News & Events

European Court of Justice Decision

Advisory:

  • On October 6, 2015, the European Court of Justice issued a judgment declaring as “invalid” the European Commission’s Decision 2000/520/EC of 26 July 2000 “on the adequacy of the protection provided by the safe harbour privacy principles and related frequently asked questions issued by the US Department of Commerce.”
  • In the current rapidly changing environment, the Department of Commerce will continue to administer the Safe Harbor program, including processing submissions for self-certification to the Safe Harbor Framework.  If you have questions, please contact the European Commission, the appropriate European national data protection authority, or legal counsel.

Statement from U.S. Secretary of Commerce Penny Pritzker on Release of EU-U.S. Privacy Shield Text

February 29, 2016, Washington, DC

  • Please click here for additional information regarding the EU-U.S. Privacy Shield, including a factsheet and the full text.

Statement from U.S. Secretary of Commerce Penny Pritzker on EU-U.S. Privacy Shield

February 2, 2016, Washington, DC

  • Please click here for a factsheet on the EU-U.S. Privacy Shield.

Statement from U.S. Secretary of Commerce Penny Pritzker on European Court of Justice Safe Harbor Framework Decision

October 6, 2015, Washington, DC

“Since 2000, the Safe Harbor Framework has proven to be critical to protecting privacy on both sides of the Atlantic and to supporting economic growth in the United States and the EU. We are deeply disappointed in today’s decision from the European Court of Justice, which creates significant uncertainty for both U.S. and EU companies and consumers, and puts at risk the thriving transatlantic digital economy. Among other things, the decision does not credit the benefits to privacy and growth that have been afforded by this Framework over the last 15 years.

For the last two years, we have worked closely with the European Commission to strengthen the U.S.-EU Safe Harbor Framework, with robust and transparent protection, including clear oversight by the Department of Commerce and strong enforcement by the U.S. Federal Trade Commission.

The court’s decision necessitates release of the updated Safe Harbor Framework as soon as possible.

We are prepared to work with the European Commission to address uncertainty created by the court decision so that the thousands of U.S. and EU businesses that have complied in good faith with the Safe Harbor and provided robust protection of EU citizens’ privacy in accordance with the Framework’s principles can continue to grow the world's digital economy.”

Federal Trade Commission (FTC) Update on the U.S.-EU Safe Harbor Framework

(Updated November 6, 2015), Washington, DC

“On October 6, 2015, the European Court of Justice issued a judgment declaring as invalid the European Commission’s Decision 2000/520/EC of 26 July 2000 on the adequacy of the U.S.-EU Safe Harbor Framework. U.S. and EU officials are currently discussing the development of an enhanced mechanism that protects privacy and provides an alternative method for transatlantic data transfers. In the meantime, we continue to expect companies to comply with their ongoing obligations with respect to data previously transferred under the Safe Harbor Framework. We also encourage companies to continue to follow robust privacy principles, such as those underlying the Safe Harbor Framework, and to review their privacy policies to ensure they describe their privacy practices accurately, including with regard to international data transfers.”

Recent Safe Harbor-related Enforcement

The Federal Trade Commission (FTC) issues an administrative complaint when it has “reason to believe” that the law has been or is being violated, and it appears to the FTC that a proceeding is in the public interest. When the FTC issues a consent order on a final basis, it carries the force of law with respect to future actions. Each violation of such an order may result in a civil penalty of up to $16,000.

Note: These cases were brought with the valuable assistance of the U.S. Department of Commerce.

On August 17, 2015 the FTC announced that thirteen companies had agreed to settle FTC charges that they misled consumers by claiming that they were certified members of the U.S.-EU and/or U.S.-Swiss Safe Harbor Frameworks when their certifications had lapsed or the companies had never applied for membership in the program at all.

  • “The U.S.-EU and U.S.-Swiss Safe Harbor Frameworks are important agreements, and the FTC remains strongly committed to enforcing them,” said FTC Chairwoman Edith Ramirez. “Companies must not deceive consumers about their participation in these programs.”

On April 7, 2015 the FTC announced that two companies had agreed to settle FTC charges that they misled consumers by claiming that they were certified members of the of the U.S.-EU and/or U.S.-Swiss Safe Harbor Frameworks when their certifications had lapsed years earlier.

  • “We remain strongly committed to enforcing the U.S.-EU and U.S.-Swiss Safe Harbor Frameworks,” said FTC Chairwoman Edith Ramirez. “These cases send an important message that businesses must not deceive consumers about whether they hold these certifications, and by extension, the ways in which they protect consumers.”

On May 9, 2014 the FTC announced that American Apparel had agreed to settle FTC charges that it misled consumers by claiming that it was a certified member of the U.S.-EU and U.S.-Swiss Safe Harbor Frameworks when its certification had lapsed.

  • “The FTC is committed to making sure that when companies claim they’re participating in the U.S.-EU Safe Harbor Framework, they’re abiding by the terms of the program,” said Jessica Rich, Director of the FTC’s Bureau of Consumer Protection.

On January 21, 2014 the FTC announced that twelve companies had agreed to settle FTC charges that they misled consumers by claiming that they were certified members of the U.S.-EU and/or U.S.-Swiss Safe Harbor Frameworks when their certifications had lapsed.

  • “Enforcement of the U.S.-EU Safe Harbor Framework is a Commission priority. These twelve cases help ensure the integrity of the Safe Harbor Framework and send the signal to companies that they cannot falsely claim participation in the program,” said FTC Chairwoman Edith Ramirez.

Under the proposed settlement agreements the companies are prohibited from misrepresenting the extent to which they participate in any privacy or data security program sponsored by the government or any other self-regulatory or standard-setting organization.

Seminars, Roundtables, and Webinars

Do you have questions about the U.S.-EU Safe Harbor Framework and/or the U.S.-Swiss Safe Harbor Framework and how relevant international privacy policy developments might impact your company? Both here and abroad, data privacy issues are taking on even greater significance, and countries around the world are revising or creating laws and regulations related to privacy. These changes could have an impact on your company and how it complies with privacy restrictions domestically and overseas.

Additional Resources and Noteworthy Website Developments

Specific “Not Current” Notice Posted December 2013: The explanatory note, which has been added to existing information on the public Safe Harbor List web pages, is meant to highlight and clarify the implications of an organization being designated as “Not Current”. The notice states the following:

  • An organization may be designated as “Not Current” for a variety of reasons. The most common reason is that the organization has failed to reaffirm its adherence to the Safe Harbor Privacy Principles on an annual basis as required by the Safe Harbor Frameworks. Another possible reason is that the organization has failed to comply with one or more of the Safe Harbor Privacy Principles. Organizations designated as “Not Current” are no longer assured of the benefits of the Safe Harbor (i.e., the presumption of “adequacy”). These organizations nevertheless must continue to apply the Safe Harbor Privacy Principles to the personal data received during the period in which they were assured of the benefits of the Safe Harbor for as long as they store, use or disclose those data. Any misrepresentation by an organization designated as “Not Current” concerning its adherence to the Safe Harbor Privacy Principles may be actionable by the Federal Trade Commission or other relevant government body.

Safe Harbor Key Points First Distributed December 2013 / Posted January 2014: A document, which the Safe Harbor Team has prepared providing useful information about the benefits, oversight, and enforcement of the U.S.-EU and U.S.-Swiss Safe Harbor Frameworks, is available via the link provided herein. This document is meant to complement information provided elsewhere on the Safe Harbor website.

Overview of Safe Harbor Review Process Originally Posted May 2013: A document, the Safe Harbor Team has prepared clarifying the various steps taken and criteria assessed during the review of first time Safe Harbor self-certification submissions, as well as Safe Harbor recertification submissions, is available via the link provided herein. This document is meant to provide a useful summary of information provided elsewhere on the Safe Harbor website.

Clarifications Regarding the U.S.-EU Safe Harbor Framework and Cloud Computing Posted April 2013: A document, which the Safe Harbor Team has prepared clarifying various aspects of the U.S.-EU Safe Harbor Framework, and its applicability to the cloud computing sector, is available via the link provided herein.  This document is meant to provide prospective or existing participants in the U.S.-EU Safe Harbor program with a resource that they can refer to and refer others to when concerns are raised about the interplay between the program and cloud computing.

Summary of FTC Safe Harbor Enforcement Posted August 2012: A summary, which the Safe Harbor Team prepared in early August 2012, of Federal Trade Commission (FTC) enforcement of Safe Harbor commitments is available via the link provided herein. Please note that the FTC updated the Safe Harbor material on its own website in late 2012 to include detailed information regarding such enforcement.

New Survey Feature Launched in June 2012:  Organizations participating in the U.S.-EU and U.S.-Swiss Safe Harbor programs will be invited to complete a new survey to help the ITA’s Safe Harbor Team better evaluate the programs and how they support U.S. exports.  The survey consists of five short questions and should only take a few minutes to complete.  Those organizations self-certifying for the first time or recertifying on-line will be prompted to complete the survey prior to arriving at the payment page.  We hope that organizations participating in one or both of the Safe Harbor programs will take this important opportunity to communicate directly with the ITA regarding the programs to help us better serve the Safe Harbor community.

New Safe Harbor List Search Function Launched in June 2012:  In an effort to further enhance the functionality of the Safe Harbor website (export.gov/safeharbor), the ITA’s Safe Harbor Team launched a new search function making the U.S.-EU and U.S.-Swiss Safe Harbor Lists searchable by organization certification status (i.e. “Current” or “Not Current”).  We hope that this enhancement will make the Safe Harbor Lists and the Safe Harbor website even more useful to all Safe Harbor stakeholders.

U.S.-EU Safe Harbor Cooperation

U.S. Commerce General Counsel Cameron Kerry Editorial Avoiding a Data Divide Between the U.S. and the EU

November 22, 2012, European Voice, Brussels, Belgium

General Counsel Kerry writes, “In the United States, our hope is that a global framework for national privacy policies will emerge that protects consumers, encourages innovation, and supports trade and economic growth. Both the US and the EU must take care to preserve the free flow of data that supports one of the most significant trade relationships in the world.”  The editorial cites the U.S.-EU Safe Harbor Framework as a flexible mechanism that enables the kind of international privacy policy interoperability called for in President Obama’s comprehensive privacy blueprint.  The editorial highlights the benefits of the Framework to businesses, consumers, and transatlantic trade and notes that “the value of this mechanism cannot be overstated.” 

  • The full text of the editorial is available via the link provided above.

U.S.-EU Joint Statement on Privacy from EU Commission Vice-President Viviane Reding and U.S. Commerce Secretary John Bryson

March 19, 2012, Washington, DC

“In line with the objectives of increasing trade and regulatory cooperation outlined by our leaders at the U.S.-EU Summit, the United States and the European Union reaffirm their respective commitments to the U.S.-EU Safe Harbor Framework. This Framework, which has been in place since 2000, is a useful starting point for further interoperability. Since its inception, over 3,000 companies have self-certified to the Framework to demonstrate their commitment to privacy protection and to facilitate transatlantic trade. The European Commission and the Department of Commerce look forward to continued close U.S.-EU collaboration to ensure the continued operation and progressive updates to this Framework. As the EU and the United States continue to work on significant revisions to their respective privacy frameworks over the next several years, the two sides will endeavor to find mechanisms that will foster the free flow of data across the Atlantic. Both parties are committed to work towards solutions based on non-discrimination and mutual recognition when it comes to personal data protection issues which could serve as frameworks for global interoperability that can promote innovation, the free flow of goods and services, and privacy protection around the world. The EU and the United States remain dedicated to the operation of the Safe Harbor Framework-as well as to our continued cooperation with the Commission to address issues as they arise-as a means to allow companies to transfer data from the EU to the United States, and as a tool to promote transatlantic trade and economic growth.”  

  • The full text of the joint statement is available via the link provided above.

Privacy and Protection of Personal Data Conference

March 19, 2012, Washington, DC

This European Commission hosted conference covered transatlantic privacy issues and focused on current policy and legislative initiatives in the European Union and the United States.  The conference also included a discussion of the US-EU Safe Harbor Framework. 

• Additional information regarding the conference is available via the link provided above.


  Notice to Visitors!


  The link you have chosen will take you to a non-U.S. Government website.

  If the page does not appear in 5 seconds, please click this: outside web site

  Export.gov is managed by the International Trade Administration and external links are covered by its website  disclaimer statement.


  Notice to Visitors!


  The link you have chosen will take you to a non-U.S. Government website.

  If the page does not appear in 5 seconds, please click this: outside web site

  BuyUSA.gov is managed by the International Trade Administration and external links are covered by its website disclaimer statement.