On April 12, 2013, the Department of Commerce’s International Trade Administration (“ITA”) issued a guidance document to clarify how the U.S.-European Union Safe Harbor Framework facilitates the transfer of personal data from the European Union to the United States in the cloud computing context. The document underscores that the U.S.- European Union Safe Harbor Framework is an officially recognized means of complying with the adequacy requirement of EU Data Protection Directive 95/46/EC. ITA has received a number of inquiries from Safe Harbor participants indicating that they (and their EU clients, customers and partners) have heard conflicting information and are unsure about how the Safe Harbor Framework may enable data transfers to cloud service providers in the United States.
In an effort to address such uncertainties, ITA has prepared this guidance document detailing various aspects of the Safe Harbor Framework and how they apply to the cloud computing sector. The guidance is meant to provide both current and prospective participants in the U.S.-EU Safe Harbor program with a resource to consult regarding concerns related to the interplay between the Safe Harbor Framework and cloud computing.