The U.S. Safe Harbor is an agreement between the European Commission and the United States Department of Commerce that enables organizations to join a Safe Harbor List to demonstrate their compliance with the European Union Data Protection Directive. This allows the transfer of personal data to the U.S. in circumstances where the transfer would otherwise not meet the European adequacy test for privacy protection. The Safe Harbor is best described as an uneasy compromise between the comprehensive legislative approach adopted by European nations and the self–regulatory approach preferred by the U.S. The Safe Harbor Framework has been the subject of ongoing criticism, including two previous reviews (2002 and 2004). Those reviews expressed serious concerns about the effectiveness of the Safe Harbor as a privacy protection mechanism. After ten years of public debate a Galexia study once again reviewed the U.S. Safe Harbor and found numerous problems with data accuracy and basic compliance with simple Framework requirements. Problems identified in previous reviews of the Safe Harbor have not yet been rectified, and the number of false claims made by organizations represents a significant privacy risk to consumers.
