Safe Harbor is the name of a policy agreement established between the United States Department of Commerce and the European Union (E.U.) in November 2000 to regulate the way that U.S. companies export and handle the personal data (such as names and addresses) of European citizens. The agreement is a policy compromise set up in response to a European directive that differed from traditional business procedures for U.S. companies dealing with the E.U. In 1998, the E.U. established the European Commission Directive on Data Protection, which prohibited data transfer to non-European countries that did not adhere to stringent criteria. In effect, because the guidelines were very strict, they made it illegal to transfer most citizens' personal data outside of Europe.
Safe Harbor stipulates the following: companies collecting personal data must inform people that the data is being gathered and tell them what will be done with it; they must obtain permission to pass on the information to a third party; they must allow people access to the data gathered; data integrity and security must be assured; and a means of enforcing compliance must be guaranteed.
The agreement establishes a framework for a compromise solution between U.S. and E.U. privacy procedures. All 15 E.U. member countries are subject to the agreement, which means that data transfers can proceed without requiring individual authorization. U.S. companies that don't join Safe Harbor must obtain authorization separately from each European country. E.U. organizations can check a list of U.S. companies that have joined the collective to ensure that the Safe Harbor Privacy Principles will be adhered to.