Skip to main content

European Union Safe Harbor Policy

BayBiotech.NET

The European Commission’s Directive on Data Protection w.e.f.October of 1998 prohibits the transfer of personal data to non-European Union nations that do not meet the European “adequacy” standard for privacy protection of the personal data. For purposes of the policy, "personal information" means information that:

 is transferred from the European Union to the United States;
 is recorded in any form;
 is about, or pertains to, a specific individual or can be linked to that individual.
While both the United States and the European Union share the goal of enhancing privacy protection for their citizens, the United States takes a different approach to privacy from that taken by the European Union.
With a goal to bridge the different privacy approaches between the United States and European Union and provide a streamlined means for U.S. organizations to comply with the Directive, the U.S. Department of Commerce in consultation with the European Commission developed a "Safe Harbor" framework to provide the information an organization should need to evaluate – and then join – the Safe Harbor.
Safe Harbor Directive applies to all personal information that is handled by an organization, including on-line, off-line, and manually processed data.

Where the company receives personal information from its subsidiaries, affiliates, or other entities in the EU, the company will use and disclose such information in accordance with the purposes for which it was originally collected, or in accordance with the notices provided by such entities.
The company will provide notice and provide individuals with an opportunity to "opt out" if such personal information is to be disclosed to a third party or used for a purpose incompatible with the purpose for which it was originally collected.
For sensitive information, affirmative or explicit, the company will provide notice and individual choice will be given to "opt-in" if such sensitive information is to be disclosed to a third party or used for a purpose other than the purpose for which it was originally collected. In order to disclose such information, one must have individual’s permission to make the disclosure required by law or professional standards providing adequate level of privacy protection and is reasonably related to the sale or other disposition of the business.

For data security purposes, the organization must employ various physical, electronic, and managerial measures, designed to provide personal information with reasonable protection from accidental loss or destruction, improper use, alteration, or disclosure.

The EU’s Data Protection Directive, implemented in 1998, provides member states with the authority to block such transfers to countries whose privacy enforcement regime does not meet the directive’s requirements. Under the US-EU Safe Harbor Framework, the United States received an “adequacy” determination from the European Commission limited to those U.S. organizations that self-certified to Safe Harbor which allows data transfers to take place without prior approval.
To find out more about the Safe Harbor Framework and the qualification Checklist follow the link:
http://www.export.gov/safeharbor/

Comments

Popular posts from this blog

Harmonization by Doing (HBD): Japan & U.S. Collaboration

BayBiotech.NET HBD is an international cooperative effort by Japan and US for regulatory convergence for Medical Devices. The efforts are focused on to develop global clinical trials and address regulatory barriers for timely device approvals. To address the needs for additional evaluation, the HBD initiative is a pilot project launched jointly by FDA and MHLW-PMDA for the premarket review of device cardiovascular technology. Instead of taking a theoretical approach to harmonization, HBD is focused on Proof of concept by utilizing parallel development, application submissions and review of actual medical device projects. HBD Study intends to collect and analyze regulatory submission data from multiple applications in the U.S. and Japan. The purpose of the study is to further understand differences that may exist with format and content, to define best practices and to improve globally harmonized processes. To read more about the HBD program, follow the link: http://www.fda.gov/M...

Amendments for High Risk Device Type Regulatory Pathway

BayBiotech.NET Government Accounting Office (“GAO”) has issued a long-awaited report evaluating the use of the 510(k) process by the Food and Drug Administration (“FDA” or the “Agency”) in the January of 2009. Report mainly focused on Preamendment class III devices. Although most high-risk class III medical devices are subject to the demanding premarket approval (“PMA”) process, preamendment class III devices may be cleared through the 510(k) pathway until FDA issues regulations requiring a PMA. Under the Safe Medical Devices Act of 1990, FDA was required either to reclassify preamendment class III devices into class I or II, or (2) issue regulations requiring PMA approval for the devices, GAO noted that 20 preamendment class III device types have not yet been addressed by the Agency. GAO has urged FDA to take required steps to address the remaining class III devices that continue to be eligible for 510(k) review. As a result of the report, FDA has committed to address al...

Risk Based Clinical Monitoring

BayBiotech.NET FDA's recommendation of Risk Based Monitoring of Clinical Trials , as published in their Draft Guidance in August 2011. For the first time, FDA provided guidance on monitoring of clinical investigations in 1988 which was recently withdrawn, stated that the “most effective way” to monitor an investigation was to “maintain personal contact between the monitor and the investigator throughout the clinical investigation.” At the time the guidance was issued, sponsors had only limited ways to effect meaningful communication with investigators other than through on-site visits.   This guidance recommends an assessment by the sponsor for the need of 100% on-site monitoring. Such an assessment may be based on the complexity of the study protocol and not be generally applicable to all trial types. It explains the importance of remote monitoring facilitated by the use of electronic data capture system (EDC) and also emphasizes the need of the identifying crit...