The transfer of data outside the UK or other EU countries is limited by data protection legislation to prevent transfers to countries without adequate data protection laws. The US has no equivalent legislation, instead relying on a self-regulatory system. Under the safe harbor, US companies can voluntarily adhere to a set of data protection principles to meet the requirements of the EU as regards transfers of data to the US.
Five businesses have to date signed up to the safe harbor. Two of these, Privacy Leaders and TRUSTe are involved in the provision of privacy services. The remaining three are Dun & Bradstreet, which provides company information, HealthMedia, which sells a product to help smokers kick the habit, and Adar International, which contacts creditors of bankrupt estates.
Dun & Bradstreet said that its biggest motivation for joining the safe harbor was that it already complies with the EU’s privacy rules. According to reports, most US companies have adopted a “wait and see” approach. There is still uncertainty over compliance costs, enforcement issues and a reluctance to act as a test-case.