Tuesday, May 25, 2010

Safe Harbor certification may not mean data protection compliance

German privacy watchdogs have told companies to conduct their own checks of US companies' conduct before passing personal data to them, even if they are signed up to the EU-US 'Safe Harbor' data protection scheme.

The Düsseldorfer Kreis is an informal group of Germany's private sector data protection watchdogs. It has said that companies must not simply take US companies' word on their compliance with EU privacy principles if they plan to send personal data to them. They must make their own checks, the group said.

European Union laws on privacy are amongst the world's strictest, and companies are not allowed to send personal data to countries outside the European Economic Area unless there is a guarantee that it will be protected as well there as it is in the EU.

There are several mechanisms for ensuring this protection. One is that the whole country is deemed by the European Commission to have 'adequate' data protection, because its laws offer protection essentially equivalent to the EU's. Very few countries achieve this rating.

Multinational companies can use binding corporate rules to send data to parts of the company in different countries, and companies can also use model contract clauses produced by the European Commission to bind companies outside of the EU to its high data protection standards.

Another mechanism, which only US companies can use, is the Safe Harbor agreement. Under this, companies commit to privacy principles similar to those enforced in the EU and self-certify their compliance to the US Department of Commerce; the commitments are enforced by the US consumer protection regulator, the Federal Trade Commission (FTC). The Düsseldorfer Kreis's point is that this self-certification is a claim by the US company, not a verified fact, which is why the German regulators want the EU data exporter to check it independently before transferring personal data.

-----------------------------------------
Source:
Out-Law
