357:(DOC) on 17 October 2008 remained in the database after doubles, triples and "not current" organisations were removed. Only 348 organisations met even the most basic requirements for compliance. Of these, only 54 extended their Safe Harbor membership to all data categories (manual, offline, online, human resources). 206 organisations falsely claimed to be members for years, yet there was no indication that they were subject of any US enforcement. Reviewers criticized the DOC's 'Safe Harbor Certification Mark' offered to companies to use as a "visual manifestation of the organization when it self-certifies that it will comply" as misleading, because it does not carry the words "self certify" on it. Only 900 organizations provided a link to their
361:, and for 421, the document was unavailable. Numerous policies were only one to three sentences long, containing "virtually no information". Many entries appeared to confuse privacy compliance with security compliance and showed a "lack of understanding about the Safe Harbor program". The companies' listing of their dispute resolution providers was confusing, and problems regarding independence and affordability were noted. Many organisations did not spell out that they would cooperate with or explain to their customers that they could choose the dispute resolution panel established by the EU Data Protection Authorities.
166:. President Prof. Stefano RodotĂ , one of the fathers of the privacy framework in Europe, helped by the Italian Data Protection Authority Secretary General Mr. Giovanni Buttarelli, lately appointed as European Data Protection Supervisor (EDPS). Safe Harbor Principles were designed to prevent private organizations within the European Union or United States which store customer data from accidentally disclosing or losing personal information. US companies could opt into a program and be certified if they adhered to seven principles and 15 frequently asked questions and answers per the Directive. In July 2000, the
483:
198:, including through increased cooperation with European Data Protection Authorities. The new arrangement includes commitments by the US that possibilities under US law for public authorities to access personal data transferred under the new arrangement will be subject to clear conditions, limitations and oversight, preventing generalised access. Europeans will have the possibility to raise any enquiry or complaint in this context with a dedicated new Ombudsperson".
561:
371:, revising its statements about the number of participants, to abandon the use of the Safe Harbor Certification Mark, to investigate the unauthorised and misleading use of its Departmental logo and automatically suspend an organisation’s membership if they failed to renew their Safe Harbor certification.
536:
newspaper predicts that "once the
Commission has issued a beefed-up 'adequacy decision', it will be harder for the ECJ to strike it down." Privacy activist Joe McNamee summed up the situation by noting the commission has announced agreements prematurely, thus forfeiting its negotiating right. At the
529:
has taken up this demand, and stated it would hold back another month until March 2016 to decide on consequences of
Commissioner Jourova's new proposal. The European Commission's Director for Fundamental Rights Paul Nemitz stated at a conference in Brussels in January how the commission would decide
293:
The US government does not regulate Safe Harbor, which is self-regulated through its private sector members and the dispute resolution entities they pick. The
Federal Trade Commission "manages" the system under the oversight of the US Department of Commerce. To comply with the commitments, violators
289:
After opting in, an organization must have appropriate employee training and an effective dispute mechanism in place, and self re-certify every twelve months in writing that it agrees to adhere to the EU–US Safe Harbor
Framework's principles, including notice, choice, access, and enforcement. It can
193:
agreed on 2 February 2016 "reflects the requirements set out by the
European Court of Justice in its ruling on 6 October 2015, which declared the old Safe Harbor framework invalid. The new arrangement will provide stronger obligations on companies in the US to protect the personal data of Europeans
462:
since then has had to "examine Mr. Schrems's case 'with all due diligence' and ... decide whether ... the transfer of
Facebook's European subscribers' personal data to the United States should be suspended". EU regulators said that if the ECJ and United States did not negotiate a new system within
158:
or
Standard Contractual Clauses have been authorised." The latter means that privacy protection can be at an organizational level, where a multinational organization produces and documents its internal controls on personal data or they can be at the level of a country if its laws are considered to
524:
have criticized the new ruling, with the latter predicting that the
Commission might be taking a "round-trip to Luxembourg" (where the European Court of Justice is located). EU Commissioner for Consumers, Vera Jourova, expressed confidence that a deal would be reached by the end of February. Many
463:
three months, businesses might face action from
European privacy regulators. On October 29, 2015, a new "Safe Harbor 2.0" agreement appeared close to being finalized. However, Commissioner Jourova expected the US to act next. American NGOs were quick to expand on the significance of the decision.
729:
2000/520/EC: Commission
Decision of 26 July 2000 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequacy of the protection provided by the safe harbour privacy principles and related frequently asked questions issued by the US Department of Commerce (notified
450:
organizations entitled to work with EU privacy-related data to comply with it, thus providing insufficient guarantees. US federal government agencies could use personal data under US law, but were not required to opt in. The court held that companies opting in were "bound to disregard, without
827:
on the adequacy of the protection provided by the safe harbour privacy principles and related frequently asked questions issued by the US Department of Commerce (notified under document number C(2000) 2441) (Text with EEA relevance.) 25 August 2000, retrieved 30 October
541:
data protection authority was during February 2016 preparing to fine three companies for relying on Safe Harbor as the legal basis for their transatlantic data transfers and two other companies were under investigation. From the other side a reaction looked imminent.
107:
data were insufficiently protected, the ECJ declared in October 2015 that the Safe Harbor decision was invalid, leading to further talks being held by the commission with the US authorities towards "a renewed and sound framework for transatlantic data flows".
298:
by administrative orders and civil penalties of up to $ 16,000 per day for violations. If an organization fails to comply with the framework it must promptly notify the Department of Commerce, or else it can be prosecuted under the False Statements Act.
525:
Europeans were demanding a mechanism for individual European citizens to lodge complaints over the use of their data, as well as a transparency scheme to assure that European citizens data did not fall into the hands of US intelligence agencies. The
177:
On 6 October 2015, the European Court of Justice invalidated the EC's Safe Harbor Decision, because "legislation permitting the public authorities to have access on a generalised basis to the content of electronic communications must be regarded as
170:(EC) decided that US companies complying with the principles and registering their certification that they met the EU requirements, the so-called "safe harbor scheme", were allowed to transfer data from the EU to the US. This is referred to as the
366:
Galexia recommended the EU to renegotiate the Safe Harbor arrangement, provide warnings to EU consumers and consider to comprehensively review all list entries. They recommended to the US to investigate the hundreds of organisations making
290:
either perform a self-assessment to verify that it complies with the principles, or hire a third-party to perform the assessment. Companies pay an annual $ 100 fee for registration except for first time registration ($ 200).
213:– Individuals must be informed that their data is being collected and how it will be used. The organization must provide information about how individuals can contact the organization with any inquiries or complaints.
446:), the law and practice of the United States do not offer sufficient protection against surveillance by the public authorities". The ECJ held the Safe Harbor Principles to be invalid, as they did not require
318:. Among its many alleged deceptive practices was representing itself as having self-certified under Safe Harbor when in fact it had not. It was barred from using such deceptive practices in the future.
1176:
741:
399:
The Netherlands promptly ruled out US cloud suppliers from Dutch government contracts, and even considered a ban on Microsoft- and Google-provided cloud contracts. A Dutch subsidiary of the US based
335:
A 2002 review by the European Union found "a substantial number of organisations that have self-certified adherence to the Safe Harbor do not seem to be observing the expected degree of
1332:
Intensifying Negotiations on transatlantic Data Privacy Flows: A Joint Press Statement by European Commissioner for Justice Didier Reynders and U.S. Secretary of Commerce Gina Raimondo
753:
Vera Jourova, "Commissioner Jourová's remarks on Safe Harbour EU Court of Justice judgement before the Committee on Civil Liberties, Justice and Home Affairs (LIBE)", 26 October 2015
162:
The Safe Harbor Privacy Principles were developed between 1998 and 2000. Key player was the Art. 29 Working Party, at that time chaired by the Italian Data Protection Authority
85:
1414:
948:
791:
Commission Decision 2001/497/EC of 15 June 2001 on standard contractual clauses for the transfer of personal data to third countries under Directive 95/46/EC15 June 2001
684:"Judgment in Case C-362/14 Maximillian Schrems v Data Protection Commissioner: The Court of Justice declares that the Commission's US Safe Harbour Decision is invalid"
353:, backed by claimed regulator oversight was questionable". They documented basic claims as incorrect where only 1109 out of 1597 recorded organisations listed by the
1345:
U.S. Secretary of Commerce Gina M. Raimondo Joins President Biden at U.S.-EU Summit and Advances Tech and Trade Issues with European Union and Private Sector Leaders
1151:
1227:
961:
545:
On 25 March 2021 the European Commission and US Secretary of Commerce reported that "intensified negotiations" were taking place. Discussions continued at the
331:
The EU–US Safe Harbor Principles 'self certification scheme' has been criticised in regard to its compliance and enforcement in three external EU evaluations:
150:
According to the Data Protection Directive, companies operating in the European Union are not permitted to send personal data to "third countries" outside the
1046:
1399:
780:
and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data
1344:
451:
limitation, the protective rules laid down by that scheme where they conflict with national security, public interest and law enforcement requirements".
434:
processing of his personal data from its Irish subsidiary to servers in the US. Schrems complained that "in the light of the revelations made in 2013 by
263:
407:
of the Dutch national health service system and warned, that unless CSC could assure it was not subject to the Patriot Act, it would end the contract.
926:
343:
mechanisms have indicated publicly their intention to enforce Safe Harbor rules and not all have in place privacy practices applicable to themselves."
410:
One year later in 2012, a legal research paper supported the notion that the Patriot Act allowed US law enforcement to bypass European privacy laws.
546:
111:
The European Commission and the United States agreed to establish a new framework for transatlantic data flows on 2 February 2016, known as the "
620:
579:
349:
In 2008, an Australian consulting company named Galexia issued a scathing review, finding "the ability of the US to protect privacy through
584:
439:
266:
may participate in this voluntary program. This excludes many financial institutions (such as banks, investment houses, credit unions, and
1386:
collected from the FTC site, even obsoletes, which are overwritten on the FTC site, allowing to track how submissions evolve over time.
590:
962:
The implementation of Commission Decision on the adequate protection of personal data provided by the Safe Harbour Privacy Principles
514:
34:
1366:
949:
The application of Commission Decision on the adequate protection of personal data provided by the Safe Harbour Privacy Principles
803:
267:
633:
Farrell, Henry (Spring 2003). "Constructing the International Foundations of E-Commerce—The EU–U.S. Safe Harbor Arrangement".
990:
825:
2000/520/EC: Commission Decision of 26 July 2000 pursuant to Directive 95/46/EC of the European Parliament and of the Council
1072:
728:
716:
225:– Transfers of data to third parties may only occur to other organizations that follow adequate data protection principles.
400:
76:
citizens. US companies storing customer data could self-certify that they adhered to 7 principles, to comply with the EU
1404:
459:
295:
29:
This article is about the first framework, invalidated in 2015. For the superseding framework, also found invalid, see
912:
1377:
1006:
1125:
303:
279:
974:
762:
219:– Individuals must have the option to opt out of the collection and forward transfer of the data to third parties.
824:
615:
610:
404:
354:
275:
144:
81:
77:
61:
1306:
472:
243:– Individuals must be able to access information held about them, and correct or delete it, if it is inaccurate.
190:
154:, unless they guarantee adequate levels of protection, "the data subject himself agrees to the transfer" or "if
116:
112:
30:
853:
526:
443:
350:
307:
259:
195:
574:
339:
as regards their overall commitment or as regards the contents of their privacy policies" and that "not all
155:
99:
made a decision in 2000 that the United States' principles did comply with the EU Directive – the so-called
1331:
1228:"Charlemagne: "Swords and shields". America and the European Union have reached a deal on data protection"
1020:
927:"FTC Settlement Bans Online U.S. Electronics Retailer from Deceiving Consumers with Foreign Website Names"
151:
838:
EU Commission and United States agree on new framework for transatlantic data flows: EU-US Privacy Shield
336:
790:
1409:
1202:
517:
419:
57:
48:
were principles developed between 1998 and 2000 in order to prevent private organizations within the
777:
167:
96:
650:
455:
340:
1152:"EU-US Data Transfers Won't Be Blocked While Privacy Shield Details Are Hammered Out, Says WP29"
605:
642:
857:
717:
Commission decisions on the adequacy of the protection of personal data in third countries
271:
886:
870:
837:
496:
Please help update this article to reflect recent events or newly available information.
1280:
435:
389:
358:
315:
311:
283:
136:
69:
49:
1253:
899:
314:
from a California-based online retailer that had sold exclusively to customers in the
139:(EU) enacted a more binding form of governance, i.e. legislation, to protect personal
1393:
1370:
807:
654:
532:
385:
132:
92:
53:
17:
686:(Press release). Court of Justice of the European Union. October 6, 2015. p. 3
140:
91:
Within the context of a series of decisions on the adequacy of the protection of
84:
developed privacy frameworks in conjunction with both the European Union and the
560:
521:
427:
393:
368:
73:
65:
704:
1047:"E.U. tells U.S. it must make next move on new Safe Harbor deal, Nov. 6, 2015"
980:, issue 96, December 2008, published on Galexia.com, retrieved 30 October 2015
646:
566:
556:
1098:
683:
286:, journalists and most insurances, although it may include investment banks.
194:
and stronger monitoring and enforcement by the US Department of Commerce and
180:
compromising the essence of the fundamental right to respect for private life
381:
231:– Reasonable efforts must be made to prevent loss of collected information.
742:
statement of the Data Protection Working Party on the EU US Privacy Shield
1383:
431:
135:
in the form of eight principles. These were non-binding and in 1995, the
104:
600:
595:
538:
423:
392:, regardless of where it is in the world, is not protected against the
237:– Data must be relevant and reliable for the purpose it was collected.
1307:"US plans intervention in EU vs Facebook case caused by NSA snooping"
537:
same time, the first court challenges in Germany have commenced: the
1281:"Here Comes the Post-Safe Harbor EU Privacy Crackdown, Feb.25, 2016"
850:
1360:
1254:"What's behind the shield? Unspinning the "privacy shield" spin"
128:
913:
Safe Harbor: Why EU data needs 'protecting' from US law Failure
163:
1380:, US Federal Trade Commission, n.d., retrieved 30 October 2015
851:
Welcome to the U.S.-EU & U.S.-Swiss Safe Harbor Frameworks
476:
454:
In accordance with the EU rules for referral to the ECJ for a
1113:
European Commission may be issuing a round-trip to Luxembourg
991:
Microsoft admits Patriot Act can access EU-based cloud data
418:
In October 2015, the ECJ responded to a referral from the
249:– There must be effective means of enforcing these rules.
1177:"Statement on the consequences of the Schrems judgement"
1007:
Patriot Act can "obtain" data in Europe, researchers say
64:(ECJ), which enabled some US companies to comply with
929:(Press release). Washington. Federal Trade Commission
86:
Federal Data Protection and Information Commissioner
1126:"Jourová: The new EU-US bridge [Interview]"
993:
Zdnet.com, June 28, 2011, retrieved 30 October 2015
1384:An open data project listing Safe Harbor companies
60:. They were overturned on October 6, 2015, by the
1021:"U.S. sees new EU data-sharing pact within reach"
278:), labor associations, non-profit organizations,
1334:, published 25 March 2021, accessed 23 July 2021
103:. However, after a customer complained that his
1347:, published 23 June 2021, accessed 28 July 2021
1203:"New data transfer deal could come by Monday"
889:, 18 December 2013, retrieved 30 October 2015
778:Directive 95/46/EC of the European Parliament
8:
414:Citizen complaint about Facebook data safety
42:International Safe Harbor Privacy Principles
881:
879:
819:
817:
763:The new transatlantic data “Privacy Shield”
873:29 January 2009, retrieved 30 October 2015
467:Response to EU–US Privacy Shield Agreement
189:According to the European Commission, the
1367:"U.S.-EU Safe Harbor Framework Documents"
1258:European Digital Rights initiative (EDRi)
1073:"Digital Privacy, in the U.S. and Europe"
860:9 October 2015, retrieved 30 October 2015
804:"U.S.–EU Safe Harbor Framework Documents"
131:issued recommendations for protection of
1361:Safe Harbor Arrangement Official US site
1099:"EU US Privacy Shield (Safe Harbor 1.1)"
978:Privacy Laws and Business International
902:9 April 2015, retrieved 30 October 2015
793:, Official Journal L 181 of 04.07.2001.
678:
676:
674:
672:
668:
258:Only US organizations regulated by the
56:from accidentally disclosing or losing
1415:United States–European Union relations
1305:Martin, Alexander J. (June 13, 2016).
1001:
999:
773:
771:
530:on the "adequacy" of data protection.
1019:Georgina Prodhan (October 29, 2015).
705:Welcome to the U.S.-Swiss Safe Harbor
621:Trans-Atlantic Data Privacy Framework
580:Electronic Communications Privacy Act
115:", which was closely followed by the
7:
1201:Bracy, Jedidiah (January 28, 2015).
585:Fair Information Practice Principles
254:Scope, certification and enforcement
206:The seven principles from 2000 are:
95:transferred to other countries, the
1150:Lomas, Natasha (February 3, 2016).
964:11 pages, retrieved 30 October 2015
951:11 pages, retrieved 30 October 2015
871:FAQ – Investment banking and audits
730:under document number C(2000) 2441)
440:United States intelligence services
1400:European Union data protection law
789:European Commission (15 June 2001)
591:General Data Protection Regulation
346:2004 review by the European Union:
159:offer protection equal to the EU.
25:
1097:Schrems, Max (February 2, 2016).
975:US Safe Harbor - Fact or Fiction?
438:concerning the activities of the
80:and with Swiss requirements. The
33:. For the current framework, see
1045:Peter Sayer (November 6, 2015).
559:
481:
422:in relation to a complaint from
268:savings & loans institutions
1369:. US government. Archived from
806:. US government. Archived from
46:Safe Harbour Privacy Principles
184:[emphasis in original]
1:
925:Staff writer (June 9, 2011).
401:Computer Sciences Corporation
52:or United States which store
898:U.S. Department of Commerce
887:U.S.–EU Safe Harbor Overview
885:U.S. Department of Commerce
869:U.S. Department of Commerce
849:U.S. Department of Commerce
460:Data Protection Commissioner
296:Federal Trade Commission Act
264:Department of Transportation
35:EU–US Data Privacy Framework
960:European Commission (2004)
947:European Commission (2002)
765:, accessed 25 February 2016
294:can be penalized under the
1431:
823:European Court of Justice
732:, accessed 1 November 2015
635:International Organization
549:in Brussels in June 2021.
470:
280:agricultural co-operatives
276:internet service providers
28:
1071:NGOs (October 13, 2015).
1009:CBS News December 4, 2012
973:Chris Connolly (Galexia)
647:10.1017/S0020818303572022
616:Privacy Impact Assessment
611:Stored Communications Act
490:This section needs to be
405:electronic health records
355:US Department of Commerce
145:Data Protection Directive
82:US Department of Commerce
78:Data Protection Directive
62:European Court of Justice
1343:Department of Commerce,
840:, issued 2 February 2016
719:accessed 1 November 2015
707:accessed 1 November 2015
527:Article 29 Working Party
444:National Security Agency
322:Criticism and evaluation
308:Federal Trade Commission
260:Federal Trade Commission
196:Federal Trade Commission
575:Binding corporate rules
384:UK's managing director
156:Binding Corporate Rules
117:Swiss-US Privacy Shield
1378:US-EU Safe Harbor list
152:European Economic Area
1330:European Commission,
856:June 9, 2010, at the
420:High Court of Ireland
375:
270:), telecommunication
164:www.garanteprivacy.it
18:Safe Harbour Decision
915:Zdnet, 25 April 2011
518:Jan Philipp Albrecht
473:EU–US Privacy Shield
442:(in particular, the
191:EU–US Privacy Shield
172:Safe Harbor decision
113:EU–US Privacy Shield
101:Safe Harbor decision
58:personal information
31:EU–US Privacy Shield
1405:Information privacy
1207:The Privacy Advisor
428:Maximillian Schrems
376:Patriot Act's reach
168:European Commission
143:in the form of the
97:European Commission
1260:. February 2, 2016
1234:. February 6, 2016
1182:. February 2, 2016
744:, additional text.
456:preliminary ruling
341:dispute resolution
123:Background history
1373:on April 5, 2015.
810:on April 5, 2015.
511:
510:
185:
16:(Redirected from
1422:
1374:
1348:
1341:
1335:
1328:
1322:
1321:
1319:
1317:
1302:
1296:
1295:
1293:
1291:
1285:Fortune magazine
1276:
1270:
1269:
1267:
1265:
1250:
1244:
1243:
1241:
1239:
1224:
1218:
1217:
1215:
1213:
1198:
1192:
1191:
1189:
1187:
1181:
1173:
1167:
1166:
1164:
1162:
1147:
1141:
1140:
1138:
1136:
1122:
1116:
1115:
1110:
1108:
1103:
1094:
1088:
1087:
1085:
1083:
1068:
1062:
1061:
1059:
1057:
1042:
1036:
1035:
1033:
1031:
1016:
1010:
1005:Zack Whittaker,
1003:
994:
989:Zack Whittaker,
987:
981:
971:
965:
958:
952:
945:
939:
938:
936:
934:
922:
916:
909:
903:
900:Safe Harbor Fees
896:
890:
883:
874:
867:
861:
847:
841:
835:
829:
821:
812:
811:
800:
794:
787:
781:
775:
766:
760:
754:
751:
745:
739:
733:
726:
720:
714:
708:
702:
696:
695:
693:
691:
680:
658:
569:
564:
563:
506:
503:
497:
485:
484:
477:
359:privacy policies
183:
88:of Switzerland.
21:
1430:
1429:
1425:
1424:
1423:
1421:
1420:
1419:
1390:
1389:
1365:
1357:
1352:
1351:
1342:
1338:
1329:
1325:
1315:
1313:
1304:
1303:
1299:
1289:
1287:
1278:
1277:
1273:
1263:
1261:
1252:
1251:
1247:
1237:
1235:
1226:
1225:
1221:
1211:
1209:
1200:
1199:
1195:
1185:
1183:
1179:
1175:
1174:
1170:
1160:
1158:
1149:
1148:
1144:
1134:
1132:
1124:
1123:
1119:
1106:
1104:
1101:
1096:
1095:
1091:
1081:
1079:
1070:
1069:
1065:
1055:
1053:
1044:
1043:
1039:
1029:
1027:
1018:
1017:
1013:
1004:
997:
988:
984:
972:
968:
959:
955:
946:
942:
932:
930:
924:
923:
919:
911:Zach Whittaker
910:
906:
897:
893:
884:
877:
868:
864:
858:Wayback Machine
848:
844:
836:
832:
822:
815:
802:
801:
797:
788:
784:
776:
769:
761:
757:
752:
748:
740:
736:
727:
723:
715:
711:
703:
699:
689:
687:
682:
681:
670:
665:
632:
629:
627:Further reading
565:
558:
555:
520:and campaigner
507:
501:
498:
495:
486:
482:
475:
469:
416:
403:(CSC) runs the
378:
351:self-regulation
329:
324:
284:meat processors
272:common carriers
256:
223:Onward Transfer
204:
125:
38:
23:
22:
15:
12:
11:
5:
1428:
1426:
1418:
1417:
1412:
1407:
1402:
1392:
1391:
1388:
1387:
1381:
1375:
1363:
1356:
1355:External links
1353:
1350:
1349:
1336:
1323:
1297:
1279:Meyer, David.
1271:
1245:
1219:
1193:
1168:
1142:
1117:
1089:
1077:New York Times
1063:
1037:
1011:
995:
982:
966:
953:
940:
917:
904:
891:
875:
862:
842:
830:
813:
795:
782:
767:
755:
746:
734:
721:
709:
697:
667:
666:
664:
661:
660:
659:
641:(2): 277–306.
628:
625:
624:
623:
618:
613:
608:
603:
598:
593:
588:
582:
577:
571:
570:
554:
551:
509:
508:
489:
487:
480:
468:
465:
436:Edward Snowden
415:
412:
380:In June 2011,
377:
374:
373:
372:
363:
362:
347:
344:
328:
327:EU evaluations
325:
323:
320:
316:United Kingdom
312:consent decree
255:
252:
251:
250:
244:
238:
235:Data Integrity
232:
226:
220:
214:
203:
200:
137:European Union
124:
121:
70:European Union
50:European Union
24:
14:
13:
10:
9:
6:
4:
3:
2:
1427:
1416:
1413:
1411:
1408:
1406:
1403:
1401:
1398:
1397:
1395:
1385:
1382:
1379:
1376:
1372:
1368:
1364:
1362:
1359:
1358:
1354:
1346:
1340:
1337:
1333:
1327:
1324:
1312:
1308:
1301:
1298:
1286:
1282:
1275:
1272:
1259:
1255:
1249:
1246:
1233:
1232:The Economist
1229:
1223:
1220:
1208:
1204:
1197:
1194:
1178:
1172:
1169:
1157:
1153:
1146:
1143:
1131:
1127:
1121:
1118:
1114:
1100:
1093:
1090:
1078:
1074:
1067:
1064:
1052:
1051:Computerworld
1048:
1041:
1038:
1026:
1022:
1015:
1012:
1008:
1002:
1000:
996:
992:
986:
983:
979:
976:
970:
967:
963:
957:
954:
950:
944:
941:
928:
921:
918:
914:
908:
905:
901:
895:
892:
888:
882:
880:
876:
872:
866:
863:
859:
855:
852:
846:
843:
839:
834:
831:
826:
820:
818:
814:
809:
805:
799:
796:
792:
786:
783:
779:
774:
772:
768:
764:
759:
756:
750:
747:
743:
738:
735:
731:
725:
722:
718:
713:
710:
706:
701:
698:
685:
679:
677:
675:
673:
669:
662:
656:
652:
648:
644:
640:
636:
631:
630:
626:
622:
619:
617:
614:
612:
609:
607:
604:
602:
599:
597:
594:
592:
589:
586:
583:
581:
578:
576:
573:
572:
568:
562:
557:
552:
550:
548:
543:
540:
535:
534:
533:The Economist
528:
523:
519:
516:
505:
493:
488:
479:
478:
474:
466:
464:
461:
457:
452:
449:
445:
441:
437:
433:
429:
425:
421:
413:
411:
408:
406:
402:
397:
395:
391:
387:
386:Gordon Frazer
383:
370:
365:
364:
360:
356:
352:
348:
345:
342:
338:
334:
333:
332:
326:
321:
319:
317:
313:
309:
305:
300:
297:
291:
287:
285:
281:
277:
273:
269:
265:
261:
253:
248:
245:
242:
239:
236:
233:
230:
227:
224:
221:
218:
215:
212:
209:
208:
207:
201:
199:
197:
192:
187:
181:
175:
173:
169:
165:
160:
157:
153:
148:
146:
142:
138:
134:
133:personal data
130:
127:In 1980, the
122:
120:
118:
114:
109:
106:
102:
98:
94:
93:personal data
89:
87:
83:
79:
75:
71:
67:
63:
59:
55:
54:customer data
51:
47:
43:
36:
32:
27:
19:
1371:the original
1339:
1326:
1314:. Retrieved
1311:The Register
1310:
1300:
1290:February 26,
1288:. Retrieved
1284:
1274:
1264:February 10,
1262:. Retrieved
1257:
1248:
1236:. Retrieved
1231:
1222:
1210:. Retrieved
1206:
1196:
1184:. Retrieved
1171:
1159:. Retrieved
1155:
1145:
1133:. Retrieved
1129:
1120:
1112:
1105:. Retrieved
1092:
1082:November 13,
1080:. Retrieved
1076:
1066:
1054:. Retrieved
1050:
1040:
1028:. Retrieved
1024:
1014:
985:
977:
969:
956:
943:
931:. Retrieved
920:
907:
894:
865:
845:
833:
808:the original
798:
785:
758:
749:
737:
724:
712:
700:
688:. Retrieved
638:
634:
587:(FIPP's), US
547:EU–US Summit
544:
531:
512:
499:
491:
458:, the Irish
453:
447:
417:
409:
398:
379:
369:false claims
337:transparency
330:
301:
292:
288:
257:
246:
240:
234:
228:
222:
216:
210:
205:
188:
179:
176:
171:
161:
149:
141:data privacy
126:
110:
100:
90:
66:privacy laws
45:
41:
39:
26:
1410:Privacy law
1238:February 8,
1212:February 3,
1186:February 6,
1161:February 3,
1135:February 3,
1107:February 3,
1056:November 9,
1030:October 30,
606:Safe harbor
522:Max Schrems
394:Patriot Act
388:said that "
310:obtained a
304:a 2011 case
274:(including
247:Enforcement
119:Framework.
68:protecting
1394:Categories
1156:TechCrunch
1130:New Europe
690:October 7,
663:References
567:Law portal
502:April 2020
471:See also:
432:Facebook's
430:regarding
390:cloud data
202:Principles
655:154976969
382:Microsoft
1316:June 16,
933:March 5,
854:Archived
553:See also
426:citizen
424:Austrian
229:Security
105:Facebook
1025:Reuters
601:Privacy
596:IT risk
539:Hamburg
513:German
492:updated
262:or the
653:
306:, the
282:, and
241:Access
217:Choice
211:Notice
1180:(PDF)
1102:(PDF)
651:S2CID
74:Swiss
1318:2016
1292:2016
1266:2016
1240:2016
1214:2016
1188:2016
1163:2016
1137:2016
1109:2016
1084:2015
1058:2015
1032:2015
935:2015
828:2015
692:2015
129:OECD
72:and
40:The
643:doi
515:MEP
448:all
396:."
302:In
44:or
1396::
1309:.
1283:.
1256:.
1230:.
1205:.
1154:.
1128:.
1111:.
1075:.
1049:.
1023:.
998:^
878:^
816:^
770:^
671:^
649:.
639:57
637:.
186:.
182:"
174:.
147:.
1320:.
1294:.
1268:.
1242:.
1216:.
1190:.
1165:.
1139:.
1086:.
1060:.
1034:.
937:.
694:.
657:.
645::
504:)
500:(
494:.
37:.
20:)
Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.