346:(DOC) on 17 October 2008 remained in the database after doubles, triples and "not current" organisations were removed. Only 348 organisations met even the most basic requirements for compliance. Of these, only 54 extended their Safe Harbor membership to all data categories (manual, offline, online, human resources). 206 organisations falsely claimed to be members for years, yet there was no indication that they were subject of any US enforcement. Reviewers criticized the DOC's 'Safe Harbor Certification Mark' offered to companies to use as a "visual manifestation of the organization when it self-certifies that it will comply" as misleading, because it does not carry the words "self certify" on it. Only 900 organizations provided a link to their
350:, and for 421, the document was unavailable. Numerous policies were only one to three sentences long, containing "virtually no information". Many entries appeared to confuse privacy compliance with security compliance and showed a "lack of understanding about the Safe Harbor program". The companies' listing of their dispute resolution providers was confusing, and problems regarding independence and affordability were noted. Many organisations did not spell out that they would cooperate with or explain to their customers that they could choose the dispute resolution panel established by the EU Data Protection Authorities.
155:. President Prof. Stefano RodotĂ , one of the fathers of the privacy framework in Europe, helped by the Italian Data Protection Authority Secretary General Mr. Giovanni Buttarelli, lately appointed as European Data Protection Supervisor (EDPS). Safe Harbor Principles were designed to prevent private organizations within the European Union or United States which store customer data from accidentally disclosing or losing personal information. US companies could opt into a program and be certified if they adhered to seven principles and 15 frequently asked questions and answers per the Directive. In July 2000, the
472:
187:, including through increased cooperation with European Data Protection Authorities. The new arrangement includes commitments by the US that possibilities under US law for public authorities to access personal data transferred under the new arrangement will be subject to clear conditions, limitations and oversight, preventing generalised access. Europeans will have the possibility to raise any enquiry or complaint in this context with a dedicated new Ombudsperson".
550:
360:, revising its statements about the number of participants, to abandon the use of the Safe Harbor Certification Mark, to investigate the unauthorised and misleading use of its Departmental logo and automatically suspend an organisation’s membership if they failed to renew their Safe Harbor certification.
525:
newspaper predicts that "once the
Commission has issued a beefed-up 'adequacy decision', it will be harder for the ECJ to strike it down." Privacy activist Joe McNamee summed up the situation by noting the commission has announced agreements prematurely, thus forfeiting its negotiating right. At the
518:
has taken up this demand, and stated it would hold back another month until March 2016 to decide on consequences of
Commissioner Jourova's new proposal. The European Commission's Director for Fundamental Rights Paul Nemitz stated at a conference in Brussels in January how the commission would decide
282:
The US government does not regulate Safe Harbor, which is self-regulated through its private sector members and the dispute resolution entities they pick. The
Federal Trade Commission "manages" the system under the oversight of the US Department of Commerce. To comply with the commitments, violators
278:
After opting in, an organization must have appropriate employee training and an effective dispute mechanism in place, and self re-certify every twelve months in writing that it agrees to adhere to the EU–US Safe Harbor
Framework's principles, including notice, choice, access, and enforcement. It can
182:
agreed on 2 February 2016 "reflects the requirements set out by the
European Court of Justice in its ruling on 6 October 2015, which declared the old Safe Harbor framework invalid. The new arrangement will provide stronger obligations on companies in the US to protect the personal data of Europeans
451:
since then has had to "examine Mr. Schrems's case 'with all due diligence' and ... decide whether ... the transfer of
Facebook's European subscribers' personal data to the United States should be suspended". EU regulators said that if the ECJ and United States did not negotiate a new system within
147:
or
Standard Contractual Clauses have been authorised." The latter means that privacy protection can be at an organizational level, where a multinational organization produces and documents its internal controls on personal data or they can be at the level of a country if its laws are considered to
513:
have criticized the new ruling, with the latter predicting that the
Commission might be taking a "round-trip to Luxembourg" (where the European Court of Justice is located). EU Commissioner for Consumers, Vera Jourova, expressed confidence that a deal would be reached by the end of February. Many
452:
three months, businesses might face action from
European privacy regulators. On October 29, 2015, a new "Safe Harbor 2.0" agreement appeared close to being finalized. However, Commissioner Jourova expected the US to act next. American NGOs were quick to expand on the significance of the decision.
718:
2000/520/EC: Commission
Decision of 26 July 2000 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequacy of the protection provided by the safe harbour privacy principles and related frequently asked questions issued by the US Department of Commerce (notified
439:
organizations entitled to work with EU privacy-related data to comply with it, thus providing insufficient guarantees. US federal government agencies could use personal data under US law, but were not required to opt in. The court held that companies opting in were "bound to disregard, without
816:
on the adequacy of the protection provided by the safe harbour privacy principles and related frequently asked questions issued by the US Department of Commerce (notified under document number C(2000) 2441) (Text with EEA relevance.) 25 August 2000, retrieved 30 October
530:
data protection authority was during February 2016 preparing to fine three companies for relying on Safe Harbor as the legal basis for their transatlantic data transfers and two other companies were under investigation. From the other side a reaction looked imminent.
96:
data were insufficiently protected, the ECJ declared in October 2015 that the Safe Harbor decision was invalid, leading to further talks being held by the commission with the US authorities towards "a renewed and sound framework for transatlantic data flows".
287:
by administrative orders and civil penalties of up to $ 16,000 per day for violations. If an organization fails to comply with the framework it must promptly notify the Department of Commerce, or else it can be prosecuted under the False Statements Act.
514:
Europeans were demanding a mechanism for individual European citizens to lodge complaints over the use of their data, as well as a transparency scheme to assure that European citizens data did not fall into the hands of US intelligence agencies. The
166:
On 6 October 2015, the European Court of Justice invalidated the EC's Safe Harbor Decision, because "legislation permitting the public authorities to have access on a generalised basis to the content of electronic communications must be regarded as
159:(EC) decided that US companies complying with the principles and registering their certification that they met the EU requirements, the so-called "safe harbor scheme", were allowed to transfer data from the EU to the US. This is referred to as the
355:
Galexia recommended the EU to renegotiate the Safe Harbor arrangement, provide warnings to EU consumers and consider to comprehensively review all list entries. They recommended to the US to investigate the hundreds of organisations making
279:
either perform a self-assessment to verify that it complies with the principles, or hire a third-party to perform the assessment. Companies pay an annual $ 100 fee for registration except for first time registration ($ 200).
202:– Individuals must be informed that their data is being collected and how it will be used. The organization must provide information about how individuals can contact the organization with any inquiries or complaints.
435:), the law and practice of the United States do not offer sufficient protection against surveillance by the public authorities". The ECJ held the Safe Harbor Principles to be invalid, as they did not require
307:. Among its many alleged deceptive practices was representing itself as having self-certified under Safe Harbor when in fact it had not. It was barred from using such deceptive practices in the future.
1165:
730:
388:
The Netherlands promptly ruled out US cloud suppliers from Dutch government contracts, and even considered a ban on Microsoft- and Google-provided cloud contracts. A Dutch subsidiary of the US based
324:
A 2002 review by the European Union found "a substantial number of organisations that have self-certified adherence to the Safe Harbor do not seem to be observing the expected degree of
1321:
Intensifying Negotiations on transatlantic Data Privacy Flows: A Joint Press Statement by European Commissioner for Justice Didier Reynders and U.S. Secretary of Commerce Gina Raimondo
742:
Vera Jourova, "Commissioner Jourová's remarks on Safe Harbour EU Court of Justice judgement before the Committee on Civil Liberties, Justice and Home Affairs (LIBE)", 26 October 2015
151:
The Safe Harbor Privacy Principles were developed between 1998 and 2000. Key player was the Art. 29 Working Party, at that time chaired by the Italian Data Protection Authority
74:
1403:
937:
780:
Commission Decision 2001/497/EC of 15 June 2001 on standard contractual clauses for the transfer of personal data to third countries under Directive 95/46/EC15 June 2001
673:"Judgment in Case C-362/14 Maximillian Schrems v Data Protection Commissioner: The Court of Justice declares that the Commission's US Safe Harbour Decision is invalid"
342:, backed by claimed regulator oversight was questionable". They documented basic claims as incorrect where only 1109 out of 1597 recorded organisations listed by the
1334:
U.S. Secretary of Commerce Gina M. Raimondo Joins President Biden at U.S.-EU Summit and Advances Tech and Trade Issues with European Union and Private Sector Leaders
1140:
1216:
950:
534:
On 25 March 2021 the European Commission and US Secretary of Commerce reported that "intensified negotiations" were taking place. Discussions continued at the
320:
The EU–US Safe Harbor Principles 'self certification scheme' has been criticised in regard to its compliance and enforcement in three external EU evaluations:
139:
According to the Data Protection Directive, companies operating in the European Union are not permitted to send personal data to "third countries" outside the
1035:
1388:
769:
and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data
1333:
440:
limitation, the protective rules laid down by that scheme where they conflict with national security, public interest and law enforcement requirements".
423:
processing of his personal data from its Irish subsidiary to servers in the US. Schrems complained that "in the light of the revelations made in 2013 by
252:
396:
of the Dutch national health service system and warned, that unless CSC could assure it was not subject to the Patriot Act, it would end the contract.
915:
332:
mechanisms have indicated publicly their intention to enforce Safe Harbor rules and not all have in place privacy practices applicable to themselves."
399:
One year later in 2012, a legal research paper supported the notion that the Patriot Act allowed US law enforcement to bypass European privacy laws.
535:
100:
The European Commission and the United States agreed to establish a new framework for transatlantic data flows on 2 February 2016, known as the "
609:
568:
338:
In 2008, an Australian consulting company named Galexia issued a scathing review, finding "the ability of the US to protect privacy through
573:
428:
255:
may participate in this voluntary program. This excludes many financial institutions (such as banks, investment houses, credit unions, and
1375:
collected from the FTC site, even obsoletes, which are overwritten on the FTC site, allowing to track how submissions evolve over time.
579:
951:
The implementation of Commission Decision on the adequate protection of personal data provided by the Safe Harbour Privacy Principles
503:
23:
1355:
938:
The application of Commission Decision on the adequate protection of personal data provided by the Safe Harbour Privacy Principles
792:
256:
622:
Farrell, Henry (Spring 2003). "Constructing the International Foundations of E-Commerce—The EU–U.S. Safe Harbor Arrangement".
979:
814:
2000/520/EC: Commission Decision of 26 July 2000 pursuant to Directive 95/46/EC of the European Parliament and of the Council
1061:
717:
705:
214:– Transfers of data to third parties may only occur to other organizations that follow adequate data protection principles.
389:
65:
citizens. US companies storing customer data could self-certify that they adhered to 7 principles, to comply with the EU
1393:
448:
284:
18:
This article is about the first framework, invalidated in 2015. For the superseding framework, also found invalid, see
901:
1366:
995:
1114:
292:
268:
963:
751:
208:– Individuals must have the option to opt out of the collection and forward transfer of the data to third parties.
813:
604:
599:
393:
343:
264:
133:
70:
66:
50:
1295:
461:
232:– Individuals must be able to access information held about them, and correct or delete it, if it is inaccurate.
179:
143:, unless they guarantee adequate levels of protection, "the data subject himself agrees to the transfer" or "if
105:
101:
19:
842:
515:
432:
339:
296:
248:
184:
563:
328:
as regards their overall commitment or as regards the contents of their privacy policies" and that "not all
144:
88:
made a decision in 2000 that the United States' principles did comply with the EU Directive – the so-called
1320:
1217:"Charlemagne: "Swords and shields". America and the European Union have reached a deal on data protection"
1009:
916:"FTC Settlement Bans Online U.S. Electronics Retailer from Deceiving Consumers with Foreign Website Names"
140:
827:
EU Commission and United States agree on new framework for transatlantic data flows: EU-US Privacy Shield
325:
779:
1398:
1191:
506:
408:
46:
37:
were principles developed between 1998 and 2000 in order to prevent private organizations within the
766:
156:
85:
639:
444:
329:
1141:"EU-US Data Transfers Won't Be Blocked While Privacy Shield Details Are Hammered Out, Says WP29"
594:
631:
846:
706:
Commission decisions on the adequacy of the protection of personal data in third countries
260:
875:
859:
826:
485:
Please help update this article to reflect recent events or newly available information.
1269:
424:
378:
347:
304:
300:
272:
125:
58:
38:
1242:
888:
303:
from a California-based online retailer that had sold exclusively to customers in the
128:(EU) enacted a more binding form of governance, i.e. legislation, to protect personal
1382:
1359:
796:
643:
521:
374:
121:
81:
42:
675:(Press release). Court of Justice of the European Union. October 6, 2015. p. 3
129:
80:
Within the context of a series of decisions on the adequacy of the protection of
73:
developed privacy frameworks in conjunction with both the European Union and the
549:
510:
416:
382:
357:
62:
54:
693:
1036:"E.U. tells U.S. it must make next move on new Safe Harbor deal, Nov. 6, 2015"
969:, issue 96, December 2008, published on Galexia.com, retrieved 30 October 2015
635:
555:
545:
1087:
672:
275:, journalists and most insurances, although it may include investment banks.
183:
and stronger monitoring and enforcement by the US Department of Commerce and
169:
compromising the essence of the fundamental right to respect for private life
370:
220:– Reasonable efforts must be made to prevent loss of collected information.
731:
statement of the Data Protection Working Party on the EU US Privacy Shield
1372:
420:
124:
in the form of eight principles. These were non-binding and in 1995, the
93:
589:
584:
527:
412:
381:, regardless of where it is in the world, is not protected against the
226:– Data must be relevant and reliable for the purpose it was collected.
1296:"US plans intervention in EU vs Facebook case caused by NSA snooping"
526:
same time, the first court challenges in Germany have commenced: the
1270:"Here Comes the Post-Safe Harbor EU Privacy Crackdown, Feb.25, 2016"
839:
1349:
1243:"What's behind the shield? Unspinning the "privacy shield" spin"
117:
902:
Safe Harbor: Why EU data needs 'protecting' from US law Failure
152:
1369:, US Federal Trade Commission, n.d., retrieved 30 October 2015
840:
Welcome to the U.S.-EU & U.S.-Swiss Safe Harbor Frameworks
465:
443:
In accordance with the EU rules for referral to the ECJ for a
1102:
European Commission may be issuing a round-trip to Luxembourg
980:
Microsoft admits Patriot Act can access EU-based cloud data
407:
In October 2015, the ECJ responded to a referral from the
238:– There must be effective means of enforcing these rules.
1166:"Statement on the consequences of the Schrems judgement"
996:
Patriot Act can "obtain" data in Europe, researchers say
53:(ECJ), which enabled some US companies to comply with
918:(Press release). Washington. Federal Trade Commission
75:
Federal Data Protection and Information Commissioner
1115:"Jourová: The new EU-US bridge [Interview]"
982:
Zdnet.com, June 28, 2011, retrieved 30 October 2015
1373:An open data project listing Safe Harbor companies
49:. They were overturned on October 6, 2015, by the
1010:"U.S. sees new EU data-sharing pact within reach"
267:), labor associations, non-profit organizations,
1323:, published 25 March 2021, accessed 23 July 2021
92:. However, after a customer complained that his
1336:, published 23 June 2021, accessed 28 July 2021
1192:"New data transfer deal could come by Monday"
878:, 18 December 2013, retrieved 30 October 2015
767:Directive 95/46/EC of the European Parliament
8:
403:Citizen complaint about Facebook data safety
31:International Safe Harbor Privacy Principles
870:
868:
808:
806:
752:The new transatlantic data “Privacy Shield”
862:29 January 2009, retrieved 30 October 2015
456:Response to EU–US Privacy Shield Agreement
178:According to the European Commission, the
1356:"U.S.-EU Safe Harbor Framework Documents"
1247:European Digital Rights initiative (EDRi)
1062:"Digital Privacy, in the U.S. and Europe"
849:9 October 2015, retrieved 30 October 2015
793:"U.S.–EU Safe Harbor Framework Documents"
120:issued recommendations for protection of
1350:Safe Harbor Arrangement Official US site
1088:"EU US Privacy Shield (Safe Harbor 1.1)"
967:Privacy Laws and Business International
891:9 April 2015, retrieved 30 October 2015
782:, Official Journal L 181 of 04.07.2001.
667:
665:
663:
661:
657:
247:Only US organizations regulated by the
45:from accidentally disclosing or losing
1404:United States–European Union relations
1294:Martin, Alexander J. (June 13, 2016).
990:
988:
762:
760:
519:on the "adequacy" of data protection.
1008:Georgina Prodhan (October 29, 2015).
694:Welcome to the U.S.-Swiss Safe Harbor
610:Trans-Atlantic Data Privacy Framework
569:Electronic Communications Privacy Act
104:", which was closely followed by the
7:
1190:Bracy, Jedidiah (January 28, 2015).
574:Fair Information Practice Principles
243:Scope, certification and enforcement
195:The seven principles from 2000 are:
84:transferred to other countries, the
1139:Lomas, Natasha (February 3, 2016).
953:11 pages, retrieved 30 October 2015
940:11 pages, retrieved 30 October 2015
860:FAQ – Investment banking and audits
719:under document number C(2000) 2441)
429:United States intelligence services
1389:European Union data protection law
778:European Commission (15 June 2001)
580:General Data Protection Regulation
335:2004 review by the European Union:
148:offer protection equal to the EU.
14:
1086:Schrems, Max (February 2, 2016).
964:US Safe Harbor - Fact or Fiction?
427:concerning the activities of the
69:and with Swiss requirements. The
22:. For the current framework, see
1034:Peter Sayer (November 6, 2015).
548:
470:
411:in relation to a complaint from
257:savings & loans institutions
1358:. US government. Archived from
795:. US government. Archived from
35:Safe Harbour Privacy Principles
173:[emphasis in original]
1:
914:Staff writer (June 9, 2011).
390:Computer Sciences Corporation
41:or United States which store
887:U.S. Department of Commerce
876:U.S.–EU Safe Harbor Overview
874:U.S. Department of Commerce
858:U.S. Department of Commerce
838:U.S. Department of Commerce
449:Data Protection Commissioner
285:Federal Trade Commission Act
253:Department of Transportation
24:EU–US Data Privacy Framework
949:European Commission (2004)
936:European Commission (2002)
754:, accessed 25 February 2016
283:can be penalized under the
1422:
812:European Court of Justice
721:, accessed 1 November 2015
624:International Organization
538:in Brussels in June 2021.
459:
269:agricultural co-operatives
265:internet service providers
17:
1060:NGOs (October 13, 2015).
998:CBS News December 4, 2012
962:Chris Connolly (Galexia)
636:10.1017/S0020818303572022
605:Privacy Impact Assessment
600:Stored Communications Act
479:This section needs to be
394:electronic health records
344:US Department of Commerce
134:Data Protection Directive
71:US Department of Commerce
67:Data Protection Directive
51:European Court of Justice
1332:Department of Commerce,
829:, issued 2 February 2016
708:accessed 1 November 2015
696:accessed 1 November 2015
516:Article 29 Working Party
433:National Security Agency
311:Criticism and evaluation
297:Federal Trade Commission
249:Federal Trade Commission
185:Federal Trade Commission
564:Binding corporate rules
373:UK's managing director
145:Binding Corporate Rules
106:Swiss-US Privacy Shield
1367:US-EU Safe Harbor list
141:European Economic Area
1319:European Commission,
845:June 9, 2010, at the
409:High Court of Ireland
364:
259:), telecommunication
153:www.garanteprivacy.it
904:Zdnet, 25 April 2011
507:Jan Philipp Albrecht
462:EU–US Privacy Shield
431:(in particular, the
180:EU–US Privacy Shield
161:Safe Harbor decision
102:EU–US Privacy Shield
90:Safe Harbor decision
47:personal information
20:EU–US Privacy Shield
1394:Information privacy
1196:The Privacy Advisor
417:Maximillian Schrems
365:Patriot Act's reach
157:European Commission
132:in the form of the
86:European Commission
1249:. February 2, 2016
1223:. February 6, 2016
1171:. February 2, 2016
733:, additional text.
445:preliminary ruling
330:dispute resolution
112:Background history
1362:on April 5, 2015.
799:on April 5, 2015.
500:
499:
174:
1411:
1363:
1337:
1330:
1324:
1317:
1311:
1310:
1308:
1306:
1291:
1285:
1284:
1282:
1280:
1274:Fortune magazine
1265:
1259:
1258:
1256:
1254:
1239:
1233:
1232:
1230:
1228:
1213:
1207:
1206:
1204:
1202:
1187:
1181:
1180:
1178:
1176:
1170:
1162:
1156:
1155:
1153:
1151:
1136:
1130:
1129:
1127:
1125:
1111:
1105:
1104:
1099:
1097:
1092:
1083:
1077:
1076:
1074:
1072:
1057:
1051:
1050:
1048:
1046:
1031:
1025:
1024:
1022:
1020:
1005:
999:
994:Zack Whittaker,
992:
983:
978:Zack Whittaker,
976:
970:
960:
954:
947:
941:
934:
928:
927:
925:
923:
911:
905:
898:
892:
889:Safe Harbor Fees
885:
879:
872:
863:
856:
850:
836:
830:
824:
818:
810:
801:
800:
789:
783:
776:
770:
764:
755:
749:
743:
740:
734:
728:
722:
715:
709:
703:
697:
691:
685:
684:
682:
680:
669:
647:
558:
553:
552:
495:
492:
486:
474:
473:
466:
348:privacy policies
172:
77:of Switzerland.
1421:
1420:
1414:
1413:
1412:
1410:
1409:
1408:
1379:
1378:
1354:
1346:
1341:
1340:
1331:
1327:
1318:
1314:
1304:
1302:
1293:
1292:
1288:
1278:
1276:
1267:
1266:
1262:
1252:
1250:
1241:
1240:
1236:
1226:
1224:
1215:
1214:
1210:
1200:
1198:
1189:
1188:
1184:
1174:
1172:
1168:
1164:
1163:
1159:
1149:
1147:
1138:
1137:
1133:
1123:
1121:
1113:
1112:
1108:
1095:
1093:
1090:
1085:
1084:
1080:
1070:
1068:
1059:
1058:
1054:
1044:
1042:
1033:
1032:
1028:
1018:
1016:
1007:
1006:
1002:
993:
986:
977:
973:
961:
957:
948:
944:
935:
931:
921:
919:
913:
912:
908:
900:Zach Whittaker
899:
895:
886:
882:
873:
866:
857:
853:
847:Wayback Machine
837:
833:
825:
821:
811:
804:
791:
790:
786:
777:
773:
765:
758:
750:
746:
741:
737:
729:
725:
716:
712:
704:
700:
692:
688:
678:
676:
671:
670:
659:
654:
621:
618:
616:Further reading
554:
547:
544:
509:and campaigner
496:
490:
487:
484:
475:
471:
464:
458:
405:
392:(CSC) runs the
367:
340:self-regulation
318:
313:
273:meat processors
261:common carriers
245:
212:Onward Transfer
193:
114:
27:
12:
11:
5:
1419:
1418:
1415:
1407:
1406:
1401:
1396:
1391:
1381:
1380:
1377:
1376:
1370:
1364:
1352:
1345:
1344:External links
1342:
1339:
1338:
1325:
1312:
1286:
1268:Meyer, David.
1260:
1234:
1208:
1182:
1157:
1131:
1106:
1078:
1066:New York Times
1052:
1026:
1000:
984:
971:
955:
942:
929:
906:
893:
880:
864:
851:
831:
819:
802:
784:
771:
756:
744:
735:
723:
710:
698:
686:
656:
655:
653:
650:
649:
648:
630:(2): 277–306.
617:
614:
613:
612:
607:
602:
597:
592:
587:
582:
577:
571:
566:
560:
559:
543:
540:
498:
497:
478:
476:
469:
457:
454:
425:Edward Snowden
404:
401:
369:In June 2011,
366:
363:
362:
361:
352:
351:
336:
333:
317:
316:EU evaluations
314:
312:
309:
305:United Kingdom
301:consent decree
244:
241:
240:
239:
233:
227:
224:Data Integrity
221:
215:
209:
203:
192:
189:
126:European Union
113:
110:
59:European Union
39:European Union
13:
10:
9:
6:
4:
3:
2:
1417:
1416:
1405:
1402:
1400:
1397:
1395:
1392:
1390:
1387:
1386:
1384:
1374:
1371:
1368:
1365:
1361:
1357:
1353:
1351:
1348:
1347:
1343:
1335:
1329:
1326:
1322:
1316:
1313:
1301:
1297:
1290:
1287:
1275:
1271:
1264:
1261:
1248:
1244:
1238:
1235:
1222:
1221:The Economist
1218:
1212:
1209:
1197:
1193:
1186:
1183:
1167:
1161:
1158:
1146:
1142:
1135:
1132:
1120:
1116:
1110:
1107:
1103:
1089:
1082:
1079:
1067:
1063:
1056:
1053:
1041:
1040:Computerworld
1037:
1030:
1027:
1015:
1011:
1004:
1001:
997:
991:
989:
985:
981:
975:
972:
968:
965:
959:
956:
952:
946:
943:
939:
933:
930:
917:
910:
907:
903:
897:
894:
890:
884:
881:
877:
871:
869:
865:
861:
855:
852:
848:
844:
841:
835:
832:
828:
823:
820:
815:
809:
807:
803:
798:
794:
788:
785:
781:
775:
772:
768:
763:
761:
757:
753:
748:
745:
739:
736:
732:
727:
724:
720:
714:
711:
707:
702:
699:
695:
690:
687:
674:
668:
666:
664:
662:
658:
651:
645:
641:
637:
633:
629:
625:
620:
619:
615:
611:
608:
606:
603:
601:
598:
596:
593:
591:
588:
586:
583:
581:
578:
575:
572:
570:
567:
565:
562:
561:
557:
551:
546:
541:
539:
537:
532:
529:
524:
523:
522:The Economist
517:
512:
508:
505:
494:
482:
477:
468:
467:
463:
455:
453:
450:
446:
441:
438:
434:
430:
426:
422:
418:
414:
410:
402:
400:
397:
395:
391:
386:
384:
380:
376:
375:Gordon Frazer
372:
359:
354:
353:
349:
345:
341:
337:
334:
331:
327:
323:
322:
321:
315:
310:
308:
306:
302:
298:
294:
289:
286:
280:
276:
274:
270:
266:
262:
258:
254:
250:
242:
237:
234:
231:
228:
225:
222:
219:
216:
213:
210:
207:
204:
201:
198:
197:
196:
190:
188:
186:
181:
176:
170:
164:
162:
158:
154:
149:
146:
142:
137:
135:
131:
127:
123:
122:personal data
119:
116:In 1980, the
111:
109:
107:
103:
98:
95:
91:
87:
83:
82:personal data
78:
76:
72:
68:
64:
60:
56:
52:
48:
44:
43:customer data
40:
36:
32:
25:
21:
16:
1360:the original
1328:
1315:
1303:. Retrieved
1300:The Register
1299:
1289:
1279:February 26,
1277:. Retrieved
1273:
1263:
1253:February 10,
1251:. Retrieved
1246:
1237:
1225:. Retrieved
1220:
1211:
1199:. Retrieved
1195:
1185:
1173:. Retrieved
1160:
1148:. Retrieved
1144:
1134:
1122:. Retrieved
1118:
1109:
1101:
1094:. Retrieved
1081:
1071:November 13,
1069:. Retrieved
1065:
1055:
1043:. Retrieved
1039:
1029:
1017:. Retrieved
1013:
1003:
974:
966:
958:
945:
932:
920:. Retrieved
909:
896:
883:
854:
834:
822:
797:the original
787:
774:
747:
738:
726:
713:
701:
689:
677:. Retrieved
627:
623:
576:(FIPP's), US
536:EU–US Summit
533:
520:
501:
488:
480:
447:, the Irish
442:
436:
406:
398:
387:
368:
358:false claims
326:transparency
319:
290:
281:
277:
246:
235:
229:
223:
217:
211:
205:
199:
194:
177:
168:
165:
160:
150:
138:
130:data privacy
115:
99:
89:
79:
55:privacy laws
34:
30:
28:
15:
1399:Privacy law
1227:February 8,
1201:February 3,
1175:February 6,
1150:February 3,
1124:February 3,
1096:February 3,
1045:November 9,
1019:October 30,
595:Safe harbor
511:Max Schrems
383:Patriot Act
377:said that "
299:obtained a
293:a 2011 case
263:(including
236:Enforcement
108:Framework.
57:protecting
1383:Categories
1145:TechCrunch
1119:New Europe
679:October 7,
652:References
556:Law portal
491:April 2020
460:See also:
421:Facebook's
419:regarding
379:cloud data
191:Principles
644:154976969
371:Microsoft
1305:June 16,
922:March 5,
843:Archived
542:See also
415:citizen
413:Austrian
218:Security
94:Facebook
1014:Reuters
590:Privacy
585:IT risk
528:Hamburg
502:German
481:updated
251:or the
642:
295:, the
271:, and
230:Access
206:Choice
200:Notice
1169:(PDF)
1091:(PDF)
640:S2CID
63:Swiss
1307:2016
1281:2016
1255:2016
1229:2016
1203:2016
1177:2016
1152:2016
1126:2016
1098:2016
1073:2015
1047:2015
1021:2015
924:2015
817:2015
681:2015
118:OECD
61:and
29:The
632:doi
504:MEP
437:all
385:."
291:In
33:or
1385::
1298:.
1272:.
1245:.
1219:.
1194:.
1143:.
1117:.
1100:.
1064:.
1038:.
1012:.
987:^
867:^
805:^
759:^
660:^
638:.
628:57
626:.
175:.
171:"
163:.
136:.
1309:.
1283:.
1257:.
1231:.
1205:.
1179:.
1154:.
1128:.
1075:.
1049:.
1023:.
926:.
683:.
646:.
634::
493:)
489:(
483:.
26:.
Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.