Safe Harbor Program

The European Union Safe Harbor Program is growing at a faster pace than ever before. During the first seven years of its existence, the Program grew at a pace of less than 200 organizations per year. By comparison, during the first half of 2008, more than 200 new organizations registered with the Program.

As the number of organizations participating in the Program exceeds 1600, and searching the public registry for certified companies becomes increasingly unwieldy, the U.S. Department of Commerce has developed a certification mark allowing companies to demonstrate visibly their compliance with the Safe Harbor standards to European consumers and business partners. Companies will be able to display the certification mark on their web sites, similar to the manner in which companies display their Better Business Bureau or TRUSTe certification marks. More information is available at

The certification mark initiative comes as the Commerce Department prepares to launch a pilot project that, like the European Union Safe Harbor Program, would allow U.S. organizations receiving personal data across international borders to certify their compliance with the privacy principles developed by the 21-member Asia Pacific Economic Cooperation, with enforcement provided by the Federal Trade Commission. The pilot project could culminate in the adoption of a self-certifying framework for APEC in 2009.

European Union

The European Union’s Article 29 Working Party is expected to release further information this month on two of the mechanisms for satisfying the Data Protection Directive when transferring personal data outside of the EU. First, the Working Party is expected to publish a new alternative set of controller-to-processor model contract clauses. Second, the Article 29 Working Party is expected to release additional information on implementing Binding Corporate Rules, including the status of mutual recognition of BCRs by the data protection authorities of the EU member countries.

Meeting of Privacy Commissioners in Strasbourg

The 30th International Conference of Data Protection and Privacy Commissioners will convene next month in Strasbourg, France. This conference, held annually, brings together the privacy commissioners and data protection authorities of 78 countries for three days for a mix of public and private sessions. The theme for this year’s conference is “Protecting Privacy in a Borderless World.” Additional information is available at