Richard Purcell, Microsoft's director of Corporate Privacy, said:
"Microsoft has a worldwide commitment to protecting our customers' privacy and providing them with control over personal information. This commitment to stateside and international data protection policies, as defined by the Fair Information Principles, is well established. Because our company privacy policies are consistent with the EU principles for data protection, Microsoft is able to sign the Safe Harbour Agreement with the U.S. Department of Commerce this summer."
The EU Directive on Data Protection states that for those countries outside the EU whose privacy practices are not deemed "adequate," which includes the US, transfers of personal information from Europe to those countries would be stopped. To ensure that personal data flows to the US are not interrupted, the US Department of Commerce (under the Clinton administration) and the European Commission developed the Safe Harbor framework that allows US organisations to satisfy the European Directive's requirements.
US organisations that decide to participate in the Safe Harbour Agreement must comply with its requirements and publicly declare that they do so by signing up with the US. Department of Commerce. Although the decision by US organisations to participate is voluntary, organisations that transfer data from the EU to the United States without complying may be subject to enforcement actions in Europe.