Skip to Content


Information for Certification Under FAQ 6 of the Safe Harbor Privacy Principles

Document Details

Information about this document as published in the Federal Register.

Published Document

This document has been published in the Federal Register. Use the PDF linked in the document sidebar for the official electronic format.

Start Preamble


Proposed collection; comment request.


The Department of Commerce, as part of its continuing effort to reduce paperwork and respondent burdens, invites the general public and other Federal agencies to take this opportunity to comment on the continuing information collections, as required by the Paperwork Reduction Act of 1995, Public Law 104-13 (44 U.S.C. 35068 (2)(A)).


Written comments must be submitted on or before January 8, 2001.


Direct all written comments to Madeleine Clayton, Departmental Forms Clearance Officer, Department of Commerce, Room 6086, 14th & Constitution Avenue, NW, Washington, DC 20230 (or via the Internet at

Start Further Info


Request for additional information or copies of the information collection instrument and instructions should be directed to: Jeff Rohlmeier, Trade Development, Room 2011, 14th & Constitution Avenue, NW, Washington, DC 20230; Phone number: (202) 482-1614 and fax number: (202) 501-2548.

End Further Info End Preamble Start Supplemental Information


I. Abstract

In response to the European Commission Directive on Data Protection that restricts transfers of personal information from Europe to countries whose privacy practices are not deemed “adequate,” the U.S. Department of Commerce has developed a “safe harbor” framework that will allow U.S. organizations to satisfy the European Directive's requirements and ensure that personal data flows to the United States are not interrupted. In this process, the Department of Commerce repeatedly consulted with U.S. organizations affected by the European directive and interested non-government organizations.

On July 27, 2000, the European Commission issued its decision, in accordance with Article 25.6 of the Directive, that the Safe Harbor Privacy Principles provide adequate privacy protection. The safe harbor framework bridges the differences between the European Union (EU) and U.S. approaches to privacy protection. Under the safe harbor privacy framework, information is being collected in order to create a list of the organizations that have self-certified to the Principles.

Organizations that have signed up to this list are deemed “adequate” under the Directive and do not have to provide further documentation to European officials. This list will be used by European Union organizations to determine whether further information and contracts will be needed for a U.S. organization to receive personally identifiable information. The decision to enter the safe harbor is entirely voluntary. Organizations that decide to participate in the safe harbor must comply with the safe harbor's requirements and publicly declare that they do so.

To be assured of safe harbor benefits, an organization needs to self certify annually to the Department of Commerce, in writing, that it agrees to adhere to the safe harbor's requirements, which includes elements such as notice, choice, access, and enforcement. It must also state in its published privacy policy statement that it adheres to the safe harbor.

This list will be used by European Union organizations to determine whether further information and contracts will be needed by a U.S. organization to receive personally identifiable information. It will be used by the European Data Protection Authorities to determine whether a company is providing “adequate” protection, and whether a company has requested to cooperate with the Data Protection Authority.

The list will also be accessed when there is a complaint logged in the EU against a U.S. organization, and used by the Federal Trade Commission and the Department of Transportation to determine whether a company is part of the safe harbor. It will be accessed if a company is practicing “unfair and deceptive” practices and has misrepresented itself to the public. In addition, the list will be used by the Department of Commerce and the European Commission to determine if organizations are signing up to the list on a regular basis.

II. Method of Collection

The information collection form will be provided via the Internet at​SafeHarbor and by mail to requesting U.S. firms.

III. Data

OMB Number: 0625-0239.

Form Number: N/A.

Type of Review: Regular submission.

Affected Public: Business or other for-profit organizations.

Estimated Number of Respondents: 1,500.

Estimated Time Per Response: 20 minutes—website; and 40 minutes—letter.

Estimated Total Annual Burden Hours: 550 hours.

Estimated Total Annual Costs to Public: $19,0250.

IV. Request for Comments

Comments are invited on: (a) Whether the proposed collection of information is necessary for the proper performance of the functions of the agency, including whether the information shall have Start Printed Page 66691practical utility; (b) the accuracy of the agency's estimate of the burden (including hours and costs) of the proposed collection of information; (c) ways to enhance the quality, utility, and clarity of the information to be collected; and (d) ways to minimize the burden of the collection of information on respondents, including through the use of automated collection techniques or forms of information technology.

Comments submitted in response to this notice will be summarized and/or included in the request for OMB approval of this information collection; they also will become a matter of public record.

Start Signature

Dated: November 1, 2000.

Gwellnar Banks,

Management Analyst, Office of the Chief Information Officer.

End Signature End Supplemental Information

[FR Doc. 00-28474 Filed 11-6-00; 8:45 am]