Dear Colleagues:
 

I am pleased to announce that, on May 31, 2000, the European Union Member States voted unanimously to approve the U.S. proposed safe harbor principles. The European Parliament must now review the arrangement before the European Commission can issue the decision; we expect the Parliament's review to be completed early this summer. This accomplishment is the result of more than two years of high level discussions between the United States and the European Union to develop principles that would provide adequate privacy protection and ensure that data transfers from the European Union continue.
 

Data transfers are the life blood of many organizations and the underpinnings for all of electronic commerce. The 1998 European Commission Directive on data privacy prohibits the transfer of personal data to non-EU countries that do not meet the EU's standard for adequate privacy protection. This rule covers all industry sectors and virtually all personal data. The trade implications for countries such as the United States, which receive a significant number of data transfers from European countries, are serious.
 

Without the safe harbor, corporations would find it difficult to run multinational operations. Basic information about their employees would not be transferable to the United States. Accountants would not be able to perform consolidated audits for multinational firms with offices. Recognizing these consequences, we have worked closely with the U.S. private sector to develop clear and predictable guidance to U.S. organizations that would enable them to comply with the requirements of this directive.
 

We are posting today the package of safe harbor principles and frequently asked questions (FAQs) approved by the European Member States for your information. We will continue to consult with Congress and the private sector on all aspects of the arrangement, including future implementation. Because more time is needed to examine recent developments in U.S. laws and regulations governing privacy in the financial services sector, the Department of Treasury in consultation with the Department of Commerce will continue working with the European Commission with the goal of bringing the benefits of the safe harbor to the financial services sector. We do not anticipate interruptions in data flows while we continue our good faith efforts to resolve these issues.
 

Sincerely,

Robert S. LaRussa
Acting Under Secretary for International Trade Administration
 
 

Note: These are the document versions that were approved by the Member States and submitted to the Parliament for its review. These are the final texts, aside from minor editing that may be necessary for internal consistency, etc.
 

Attachments:

A: Draft International Safe Harbor Principles
 

B: Draft Frequently Asked Questions

1. Sensitive Data

2. Journalistic Exceptions

3. Secondary Liability

4. Investment Banking and Audits

5. The Role of Data Protection Authorities

6. Self-Certification

7. Verification

8. Access

9. Human Resources

10. Article 17 contracts

11. Dispute Resolution and Enforcement

12. Choice - Timing of Opt-out

13. Travel Information

14. Pharmaceutical and Medical Products

15. Public Record and Publicly Available Information
 

C. Letter from U.S. Department of Commerce to Commission Services transmitting safe harbor principles and FAQs, etc.
 

D. Text of Article 25.6 Decision
 

E. Letter from Commission Services to U.S. Department of Commerce transmitting the Article 25.6 decision, etc.
 

Please direct any questions to Becky Richards at Rebecca _Richards@ita.doc.gov or 202-482-5227.