Microsoft yesterday announced its plan to sign the Safe Harbor
Agreement which exists between the US and the EU to allow the safe
transfer of personal data from the EU which concerns its citizens.
It follows Hewlett-Packard to become one of only a few US
multinationals to support the Agreement. The Agreement has to date
proved unpopular with US businesses, with only around 40
subscribing to date.
Richard Purcell, Microsoft's director of Corporate Privacy,
said:
"Microsoft has a worldwide commitment to
protecting our customers' privacy and providing them with control
over personal information. This commitment to stateside and
international data protection policies, as defined by the Fair
Information Principles, is well established. Because our company
privacy policies are consistent with the EU principles for data
protection, Microsoft is able to sign the Safe Harbour Agreement
with the U.S. Department of Commerce this summer."
The EU Directive on Data Protection states that for those
countries outside the EU whose privacy practices are not deemed
"adequate," which includes the US, transfers of personal
information from Europe to those countries would be stopped. To
ensure that personal data flows to the US are not interrupted, the
US Department of Commerce (under the Clinton administration) and
the European Commission developed the Safe Harbor framework that
allows US organisations to satisfy the European Directive's
requirements.
US organisations that decide to participate in the Safe Harbour
Agreement must comply with its requirements and publicly declare
that they do so by signing up with the US. Department of Commerce.
Although the decision by US organisations to participate is
voluntary, organisations that transfer data from the EU to the
United States without complying may be subject to enforcement
actions in Europe.
