The International Safe Harbor Privacy Principles is a programme between the European Union and the United States allowing Us companies to transfer customer data from the EU to the US even if they don't comply with the European data protection directive. The 1995 directive sets safeguards for users privacy that are different (and often higher) than those of the United States, but to allow the massive data flow between the EU and the US, the US Department of Commerce designed this voluntary programme. To adhere to the programme, US companies have to comply with seven principles :
- notice : companies must notify users about the collection of informations about them, and the purpose of this collection.
- choice : given via an opt out process, or an opt in in case of possible disclosure of sensible data to a third party.
- onward transfer : if a company wants to transfer data to a third party, that party must comply with equivalent standards of data protection
- access : users must be able to access informations about them, and amend or delete them ifthey are inaccurate
- security : companies must take “reasonable precautions” to protect personal information
- data integrity : organisations must make sure that they only collect informations revelant for the purposes for which it will be used
- enforcement : Users should be able to see their complaints and disputes investigated on and resolved if needs be.