Recently, there’s been a debate in some circles in Europe about whether the agreements that cover data flows between the US and Europe - and in particular the US-EU Safe Harbor Agreement - provide adequate privacy protections. publishing details of law enforcement requests made to us for one and a half years now. But the reality is that the challenges around law enforcement require new, transatlantic answers, and so we applaud the efforts currently being made by the EU and the US. privacy policies around it. We've also been subject to a Safe Harbor enforcement action and agreed to a consent decree with the FTC relating to the launch of Buzz which will guide our privacy practices for 20 years. "Google adheres to the US Safe Harbor Privacy Principles of Notice, Choice, Onward Transfer, Security, Data Integrity, Access and Enforcement, and is registered with the U.S. Department of Commerce’s Safe Harbor Program ." OECD Privacy Guidelines and the EU Data Protection Directive . And the same applies for the US-EU Safe Harbor Agreement,letter sent to the United States government. eloquent rebuttal of the critiques of the program, “safe harbour has been a resounding success … facilitating the recognition by US business that privacy is a critical factor to success in the global marketplace.” Posted byPeter Fleischer, Global Privacy Counsel
In fact, the Safe Harbor framework does not provide appropriate data protection according to EU standards. Any organization can declare to adhere to it without any certification by a neutral third party. How should an EU citizen or small company be able to enforce their rights in US courts? Does the FTC take complaints of data protection violations in other languages then English - if it accepts complaints at all? What about all the non English speaking EU citizens?
ReplyDeleteWhat is the value of the Safe Harbor framework if a self-declared participant such as Facebook blatantly ignores EU data protection standards on an ongoing basis?
Does this apply also to Google Apps Engine?
ReplyDeleteMeaning can ISVs hosting their apps on GAE claim their
data is also safe-Harbor protected?