Sail in a Safe Harbor-The Legal Transfer of Data (1,348 words)
How to navigate the legal transfer of data from Europe to the United States
The capture and use of personal data for marketing purposes is a common practice in the United States. In other parts of the world, however, policies and laws regarding the use of personal data for such purposes are far more restrictive.
The most notable piece of global privacy legislation that affects U.S. companies is the European Data Protection Directive, which requires specific measures be met before data are transferred outside the European Union (EU).
When implementation of this directive threatened the flow of data from the EU to the United States, the U.S. Department of Commerce and the European Commission negotiated the Safe Harbor, which now allows its participants to receive data from Europe.
The European Data Protection Directive: A Brief History
In October 1998, the EU implemented its data privacy directive, which required each of its 15 member countries to draft and implement new legislation that mirrored its guidelines relating to the procurement, housing and use of data.
The first part of the directive applies to all information collected within Europe by any and all media (e.g., telephone, Internet, mail). When collecting data within the EU, the marketer must give the consumer the right to opt-out. It also must inform the consumer of any use of the data that is not apparent. For example, collecting data to solicit a sale is apparent.
However, if you as the marketer wish to disclose that information to a third party for direct marketing purposes, you may have to go back to the consumer for permission. Consumers also have the right to correct their data.
Another critical part of the directive applies to the transfer of data. Any non-EU country receiving data from the EU must provide adequate protection.