Tags: EU

What is the US-EU Safe Harbor Program and its Importance for Doing Business?

What is the US-EU Safe Harbor Program and its Importance for Doing Business?

Beyond • December 1, 2015

The Data Protection law formulated by the European Commission in 1998 prohibits the transfer of personal data of European citizens to other countries that do not meet privacy protection standards. To comply with this directive, the U.S. Department of Commerce and the EU developed the Safe Harbor Program. It was designed to help to protect the privacy and integrity of the personal information collected and processed by U.S. companies. It allowed companies to self-certify that they would protect EU citizens’ data when transferred to servers and data centers located in U.S. U.S companies should adhere to 7 principles for Safe Harbor certification: Must inform customers the purpose of collecting information about them and the choices and means the organization offers individuals for limiting its use and disclosure. They should also inform the type of third parties they share their information with and how to contact the organization with any inquiries or complaints. Provide clear and affordable mechanism for the users to choose how the information they provide will be disclosed to third parties. Before sharing any personal information with a third party, an organization must see to it that they follow the above two principles. They must also ensure that the third party subscribes to the Safe Harbor Principles. Organizations involved in collecting, processing and the maintenance of users personal data should protect it from misuse, loss, alteration and unauthorized access. An organization should use the information only for the purpose for which it has been collected and should be responsible for keeping it updated and current. Individuals should also have access to the information they provide to the company to an extent. The access may depend on the nature and sensitivity of the information collected. Companies must also include the mechanism for assuring compliance with Safe Harbor Principles and a course of action for the organizations not following it. How does it help with doing business? Curious why so many companies joined Safe Harbor? Or why they chose Safe Harbor over other cross-border data transfer restrictions? Brian Hengesbaugh, a partner in the Chicago office of Baker & McKenzie, said, “It is better suited for online data transfer as it doesn’t require to obtain the consent from the website visitors or enter into bilateral agreements again and again.“ It also helps to avoid the administrative burden of maintaining model contracts and executing new contracts to cover new affiliates for business. Some of the key factors that drove U.S companies to join Safe Harbor were increased demand of cross-border data transfer and reliable solution for implementing data scrutiny. Among other benefits, it also enhanced brand reputation and EU customer satisfaction.


Read More
Benchmark Email and EU Safe Harbor Certification

Benchmark Email and EU Safe Harbor Certification

Beyond • November 29, 2015

After 15 years of successful data transfer based on Safe Harbor Principles, the European courts recently rendered it illegal. Safe Harbor was one of the approaches U.S companies adopted to successfully address the concerns of data security for European citizens. A deadline has been set for the end of January for EU and US authorities to come up with an alternative, which we believe they will accomplish. Meanwhile, we would like to assure you that Benchmark Email strictly complies with the Safe Harbor Principles as stated in our privacy policy. As the European courts have ruled the Safe Harbor agreement is no longer valid, we may update this page. We will continue to adhere to these principles, so if you are already with Benchmark your data and that of your customers or recipients are safe and secure. This invalidation will not affect our services, so you can continue to use Benchmark Email confidently. Those who are new to Benchmark Email can review our terms and policies to gain an understanding of how we protect our customers data. Please contact us at support@benchmarkemail.com for further clarification.


Read More
How The EU’s New Email Privacy Laws Might Affect Your Campaigns

How The EU’s New Email Privacy Laws Might Affect Your Campaigns

Beyond • November 11, 2010

The European Union (EU) unveiled a series of proposals on November 4, 2010, that significantly revise its notorious Data Protection Directive. The changes could conceivably impact email marketers with subscribers in any of the EU\'s 27 member countries. \"The Right To Be Forgotten\" Also Applies To Email Subscribers The essence of the EU\'s new legislation was covered about a month ago in \"Cookie Monster: How The New EU Regulations Impact Email Marketers\". Since that time, the EU\'s introduced new proposals that include a regulation that can be summed up as \"the right to be forgotten.\" The legislation is directly crafted to apply primarily to social networks such as Facebook where the EU laws would require a simple, bold button that would indelibly and permanently erase all of the user\'s data from the site. This would allow the user to effectively delete any signs of their previous presence on the site when they quit the network. You May Have to Delete All of a Subscriber\'s Personal Data These new regulations impact email marketers as well in that they apply to any customer data held by businesses. It seems as if the EU is heading towards mandating a similarly simple and bold button on each of your outgoing emails that would allow the European customer to not only unsubscribe, but ensure that all of their personal data that is held by you is to be deleted from all of your systems. How the EU would enforce such a mandate on companies that are registered in the United States and have the data on servers outside the EU is not yet clear. These Rules Will Apply Right Across All 27 EU Member Nations To date, the EU\'s various data protection regulations have been implemented in a haphazard manner across the member states. Some countries have chosen to implement modified versions of the laws, while others have not enforced any of them. Many email marketers have not taken this legislation seriously due to the internal discrepancies in its international administration. The EU has taken steps to close those loopholes and thus force its member states to homogenously adopt the rules. The EU\'s latest revisions address those inconsistencies with a clear statement that these regulations will mark a \"consistent application of data protection rules across the Single Market.\" Voluminous Legal \"Consumer Information\" Text On Your Signup Forms The EU\'s revisions also include legislation so that \"collection and use of personal data is limited to the minimum necessary. Individuals should also be clearly informed in a transparent way on how, why, by whom, and for how long their data is collected and used.\" These clauses take the EU\'s regulations beyond any existing laws, as the definition of the information that must be provided to all subscribers upon signup is significantly more extensive than any currently contemplated. This could equate to having to include voluminous legal \"consumer information\" text on your signup forms accessible to all of your European customers. The EU\'s review process for its data protection regulations will end on January 15, 2011, and the laws may implemented as early as just a couple of months later. These developments bear close scrutiny by any email marketer with subscribers within the EU\'s member nations, as the fines for violation could be considerable.


Read More