Please visit our new website at www.export.gov!

Welcome to the U.S.-EU Safe Harbor

Advisory:

On October 6, 2015, the European Court of Justice issued a judgment declaring as “invalid” the European Commission’s Decision 2000/520/EC of 26 July 2000 “on the adequacy of the protection provided by the safe harbour privacy principles and related frequently asked questions issued by the US Department of Commerce.” According to that decision, the U.S.-EU Safe Harbor Framework is not a valid mechanism to comply with EU data protection requirements when transferring personal data from the European Union to the United States. Please note that, pursuant to the Safe Harbor Frequently Asked Question on Self-Certification, the commitment to adhere to the Safe Harbor Principles is not time-limited, and a participating organization must continue to apply the Principles to data received under the Safe Harbor.

On July 12, U.S. Secretary of Commerce Penny Pritzker joined European Union Commissioner Věra Jourová to announce the approval of the EU-U.S. Privacy Shield Framework, which will replace the U.S.-EU Safe Harbor. Secretary Pritzker announced that the Department will start accepting certifications on August 1st.

As of August 1, the Department of Commerce will stop accepting new submissions for self-certification to the U.S.-EU Safe Harbor Framework. As of October 31, the Department will stop accepting U.S.-EU Safe Harbor re-certifications. The Department will maintain the U.S.-EU Safe Harbor List of participants.

Please note that this advisory does not apply to the U.S.-Swiss Safe Harbor Framework, which the Department will continue to administer.

The European Commission’s Directive on Data Protection went into effect in October of 1998, and would prohibit the transfer of personal data to non-European Union countries that do not meet the European Union (EU) “adequacy” standard for privacy protection. While the United States and the EU share the goal of enhancing privacy protection for their citizens, the United States takes a different approach to privacy from that taken by the EU. In order to bridge these differences in approach and provide a streamlined means for U.S. organizations to comply with the Directive, the U.S. Department of Commerce in consultation with the European Commission developed a "safe harbor" framework and this website to provide the information an organization would need to evaluate – and then join – the U.S.-EU Safe Harbor program.

Please note that the form used for self-certifying compliance with the U.S.-EU Safe Harbor Framework is identical to that used for self-certifying compliance with the U.S.-Swiss Safe Harbor Framework; nevertheless, an organization is not required to self-certify to one of the Safe Harbor Frameworks in order to self-certify to the other. Organizations should also note that when they select “Switzerland” as a country from which they receive personal data, they are self-certifying compliance with the U.S.-Swiss Safe Harbor Framework. It is critically important that an organization read the U.S.-EU Safe Harbor Privacy Principles, 15 FAQs, and enforcement documents before submitting a self-certification form.

Checklist for Joining the U.S.-EU Safe Harbor:

If your organization is considering joining:

If your organization decides to join:

Upon receipt of your organization’s self-certification submission and corresponding processing fee, the submission will be reviewed for completeness. If and when the submission is deemed complete, it will be posted to the U.S.-EU Safe Harbor List, available on this website.


  Notice to Visitors!


  The link you have chosen will take you to a non-U.S. Government website.

  If the page does not appear in 5 seconds, please click this: outside web site

  Export.gov is managed by the International Trade Administration and external links are covered by its website  disclaimer statement.


  Notice to Visitors!


  The link you have chosen will take you to a non-U.S. Government website.

  If the page does not appear in 5 seconds, please click this: outside web site

  BuyUSA.gov is managed by the International Trade Administration and external links are covered by its website disclaimer statement.