Please visit our new website at www.export.gov!

Welcome to the U.S.-EU & U.S.-Swiss Safe Harbor Frameworks

Advisory:

U.S.-EU Safe Harbor

On October 6, 2015, the European Court of Justice issued a judgment declaring as “invalid” the European Commission’s Decision 2000/520/EC of 26 July 2000 “on the adequacy of the protection provided by the safe harbour privacy principles and related frequently asked questions issued by the US Department of Commerce.” As a result of that decision, the U.S.-EU Safe Harbor Framework is not a valid mechanism to comply with EU data protection requirements when transferring personal data from the European Union to the United States.

On July 12, 2016, U.S. Secretary of Commerce Penny Pritzker joined European Union Commissioner Věra Jourová to announce the approval of the EU-U.S. Privacy Shield Framework as a valid legal mechanism to comply with EU requirements when transferring personal data from the European Union to the United States. The EU-U.S. Privacy Shield Framework replaces the U.S.-EU Safe Harbor Framework. The Department began accepting certifications on August 1, 2016.

As of October 31, 2016, the Department stopped accepting all U.S.-EU Safe Harbor certifications. The Department will maintain the U.S.-EU Safe Harbor List of participants.

U.S.-Swiss Safe Harbor

On January 12, 2017, Swiss Federal Councillor Johann Schneider-Ammann announced the approval of the Swiss-U.S. Privacy Shield Framework as a valid legal mechanism to comply with Swiss requirements when transferring personal data from Switzerland to the United States. The Swiss-U.S. Privacy Shield Framework will immediately replace the U.S.-Swiss Safe Harbor. To give organizations the time needed to review the Privacy Shield Principles and the commitments they entail, U.S. Acting Under Secretary of Commerce Ken Hyatt announced that the Department will begin accepting Privacy Shield certifications on April 12, 2017.

Beginning April 12, 2017, the Department of Commerce will no longer accept any U.S.-Swiss Safe Harbor certifications. The Department will maintain the U.S.-Swiss Safe Harbor List of participants.

Please note that, pursuant to the Safe Harbor Frequently Asked Question on Self-Certification, the commitment to adhere to the U.S.-EU and U.S.-Swiss Safe Harbor Principles is not time-limited, and a participating organization must continue to apply the Principles to data received under the Safe Harbor.

For more information on the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework, please visit https://www.privacyshield.gov.

Introduction:

The European Commission’s Directive on Data Protection went into effect in October of 1998, and would prohibit the transfer of personal data to non-European Union countries that do not meet the European Union (EU) “adequacy” standard for privacy protection. While the United States and the EU share the goal of enhancing privacy protection for their citizens, the United States takes a different approach to privacy from that taken by the EU.

In order to bridge these differences in approach and provide a streamlined means for U.S. organizations to comply with the Directive, the U.S. Department of Commerce in consultation with the European Commission developed a "Safe Harbor" framework and this website to provide the information an organization would need to evaluate – and then join – the U.S.-EU Safe Harbor program.

The U.S. Department of Commerce in consultation with the Federal Data Protection and Information Commissioner of Switzerland developed a separate "Safe Harbor" framework to bridge the differences between the two countries’ approaches to privacy and provide a streamlined means for U.S. organizations to comply with Swiss data protection law. This website also provides the information an organization would need to evaluate – and then join – the U.S.-Swiss Safe Harbor program.

To get started, please use the following links:

U.S.–European Union Safe Harbor Framework

U.S.-Switzerland Safe Harbor Framework

Eligibility for Self-Certification

Only U.S. organizations subject to the jurisdiction of the Federal Trade Commission (FTC) or U.S. air carriers and ticket agents subject to the jurisdiction of the Department of Transportation (DOT) may participate in the Safe Harbor.  Organizations generally not subject to FTC jurisdiction include certain financial institutions, (such as banks, investment houses, credit unions, and savings & loan institutions), telecommunication common carriers, labor associations, non-profit organizations, agricultural co-operatives, and meat processing facilities.  In addition, the FTC’s jurisdiction with regard to insurance activities is limited to certain circumstances.  If you are uncertain as to whether your organization falls under the jurisdiction of either the FTC or DOT, as certain exceptions to general ineligibility do exist, be sure to contact those agencies for more information.


  Notice to Visitors!


  The link you have chosen will take you to a non-U.S. Government website.

  If the page does not appear in 5 seconds, please click this: outside web site

  Export.gov is managed by the International Trade Administration and external links are covered by its website  disclaimer statement.


  Notice to Visitors!


  The link you have chosen will take you to a non-U.S. Government website.

  If the page does not appear in 5 seconds, please click this: outside web site

  BuyUSA.gov is managed by the International Trade Administration and external links are covered by its website disclaimer statement.