EU Safe Harbor (is the European Commission's Directive on Data Protection that went into effect in October 1998 and prohibits the transfer of personal data to non-European Union countries that do not meet the European Union (EU) "adequacy" standard for privacy protection. While the United States and the EU share the goal of enhancing privacy protection for their citizens, the United States takes a different approach to privacy from that taken by the EU.
Safe Harbor stipulations require that: companies collecting personal data must inform people that the data is being gathered, and tell them what will be done with it; they must obtain permission to pass on the information to a third party; they must allow people access to the data gathered; data integrity and security must be assured; and a means of enforcing compliance must be guaranteed.
The Safe Harbor directive was intended to provide a means for US companies to prove adequacy in their safe handling of private personal information of EU citizens, in accordance with EU standards. The directive was necessary since the vast chasm that exists between US rules, regulations and laws and those of the EU could never realistically be bridged on a national level.
"Uncertainty regarding the EU Safe Harbor Agreement occurred with a suit filed against the legality of Facebook's handling of personal information. Uncertainty remains at this time. Contract Guardian continues to employ good information governance practices and will address how the EU ultimately decides to define their data privacy standards.."