1. Re. What kind of data is governed by this agreement: All the news about
the safe harbors mentions that the agreement governs consumer data. In the
FAQs under Human Resource data it states that employee data is governed as
well. I think it would be advisable not to talk about consumer data if the
application of the agreement goes beyond that.
2. Re. Safe harbor principle "Onward Transfer": I think the Onward Transfer
Principle should be explained in more detail. The language of the proposed
agreement is too vague and the obligations of the transferor are not
specified. Many companies in the US might decide that the processing of the
transferred data should be outsourced to a third party. Outsourcing the data
processing will be a big issue and the safe harbors should give instructions
on how to proceed. The safe harbors should outline what the obligations of
the US transferor are and whether it can be held liable for violations of
the outsourced processor. It should further indicate whether the subsidiary
in the EU will be responsible for violations in the US as well. The language
here does not state what the obligations on the transferor's side are if
choice has been given to the data subject. Is it possible for the transferor
to outsource the data processing to a third person and with a contract put
all the liability for potential violations on the outsourcer?
3. Re. FAQ8 (Access principle): Under question #5/g it is stated that the
access might be restricted for a limited period. I think the language should
give some indication about the meaning of "limited period". This might be
crucial as succession planning is a centerpiece of a company's internal
strategy.
Best regards,
Jacob Springer
______________________________________________________
I am submitting comments to the safe harbor agreement:
The question I have is whether business-to-business data processing falls
under the directive and thus is relevant under the safe harbor agreement. As
B2B is the predominant form of business over the internet, it would be
helpful to find out from the EU authorities whether data processing under
B2B qualifies under the Directive.
Sincerely,
Jacob Springer