Safe Harbor is the name of an agreement between the United States Department of Commerce and the European Union that regulated the way that U.S. companies could export and handle the personal data of European citizens.
The goal of Safe Harbor was to provide a single set of data protection requirements for transferring data across the borders of countries who joined the Safe Harbor collective. The agreement required that companies that collected personal data must inform people their data was being gathered, tell them what would be done with it, obtain permission to pass on the information to a third party, allow people access to the data gathered, ensure data integrity and security and provide a way to enforce compliance. Safe Harbor, which was established in 2000, was originally a compromise set up in response to the European Commission Directive on Data Protection.
In 2015, the European Court of Justice overturned the Safe Harbor agreement and ruled that each of the twenty-eight countries in the European Union should determine how their citizen's online information can be collected and used. While the decision did not automatically put an end to data transfers from Europe to the United States, it allowed each country's national regulators to suspend transfers if the company in the United States did not adequately protect user data.
In 2016, the European Commission and the U.S. Department of Commerce established the EU-US Privacy Shield, a new legal framework for transatlantic data flows, put in place to replace Safe Harbor.