US-EU Safe Harbor — Guidance and Resources

Published: April 2016

The US-EU Safe Harbor agreement between the European and United States, invalidated by the Court of Justice of the European Union in 2015, that allowed for the legal transfer of personal data between the EU and U.S. in the absence of a comprehensive adequacy decision for the United States. It was replaced by the EU-U.S. Privacy Shield in 2016.

Across 2015 and 2016, the IAPP published a series of Safe Harbor guidance resources, reports, web conferences and articles, which can be found below.


A Brief History of Safe Harbor (2000-2016)
This document, published by Ernst-Oliver Wilhelm, CIPP/E, CIPM, CIPT, FIP, provides a historical timeline of the EU-US Safe Harbor agreement.
Click To View (PDF)


Safe Harbor: Answers to All Your Questions
This five-part article series, published by Angelique Carson, provides answers to questions on the EU-US Safe Harbor agreement from IAPP members.


FTC Enforcement of the U.S.-EU Safe Harbor Framework
IAPP Westin Fellow Anna Myers, CIPP/US, offers this study examining the U.S. Federal Trade Commission’s Safe Harbor enforcement record for practices and trends that may inform its efforts under the new Privacy Shield. Looking at the number of the FTC’s privacy cases through the years, and specifically substantive versus technical violations, the report concludes that while the FTC’s enforcement of Safe Harbor was limited, so was European participation in providing referrals and forwarding complaints.
Click To View (PDF)


Safe Harbor — More Than Just a $200 Investment
This document, published by Ana Rodgers, CIPM, and Avani Desai, CIPP/US, provides insight on how Safe Harbor advanced beyond what was initially viewed as a simple $200 investment from an organization, into an agreement that regulators began performing audits upon and taking action against violations.
Click To View (PDF)