Safe Harbour Agreement

What is the Safe Harbour Agreement?

The Safe Harbour Agreement was a set of principles that governed the exchange of data between the United States of America and the European Union (and Switzerland). It was ruled invalid by the European Court of Justice on 6 October 2015. The ruling has led to the creation of the EU-US Privacy Shield.

What was the purpose of the Safe Harbour Agreement?

The Safe Harbour Agreement was designed to ensure data transfers between the EU and the US complied with the European Data Directive 1995. Specifically, it revolved around 7 key principles:

  1. Notice - The data subject should be informed that their data has been collected, how it will be used and how to contact the data holder for any queries.
  2. Choice - The data subject should be able to opt out as well as forward the relevant data to another third party.
  3. Onward Transfer - The transfer of any data can only happen with a third party that meets the required data protection principles.
  4. Security - A reasonable effort must be made to keep the data safe from loss/theft.
  5. Data Integrity - The data must be relevant and reliable for its original purpose of collection.
  6. Access - The data subject should be able to access, correct and delete any information held about them.
  7. Enforcement - There must be effective means of enforcing these rules.

Why was the Safe Harbour Agreement ruled invalid?

After a legal case involving Austrian privacy campaigner Max Schrems, it was decided that US data protection laws were inadequate and it was necessary to rule the agreement invalid.