Germany DPAs to discuss the EU-US Safe Harbour Agreement

By EDRi · February 24, 2010

This article is also available in:
Deutsch: [Deutsche Datenschutzbehörden debattieren über das Safe Harbour-Abkommen |]

The German data protection authorities want to have a meeting on the EU-US
data protection Safe Harbour agreement and to agree on a resolution on this

Heise reports that some of the German Lander Data Protection Authorities
(DPAs) that will meet in Düsseldorf in April are unhappy about the practical
application of the Safe Harbour agreement, especially when a high number of
servers from companies such as Google and Facebook is located there,
including EU citizens personal data.

The concern of the German DPAs is motivated by report published by Galexia,
a US consulting company, which found that more than 200 companies claimed
to have joined the Safe Harbour Agreement without having done so. It also
showed that only about 350 companies complied with the minimal requirements
and that, by December 2008, in 10 years of application of the agreement,
there has been only a court case for not fulfilling the requirements,
without any sanctions for the infringing company.

The first case when a US company was charged by the US Federal Trade
Commission on falsely claiming compliance with the Safe Harbour Privacy
Principles took place only in 2009. The charged company – the Californian
Internet retailer Balls of Kryptonite – had led consumers to believe it was
located in the UK and had falsely claimed that they had self-certified their
compliance with the Safe Harbour.

Safe Harbor Agreements: wild card for American privacy infringers? (only in
German, 17.02.2010)

The US Safe Harbor – Fact or Fiction? (12.2008)

US Prosecution for false web claim of Safe Harbor status (11.09.2009)

Court Halts U.S. Internet Seller Deceptively Posing as U.K. Home Electronics
Site (8.06.2009)