Safe Harbor Privacy Principles


In order to collect personal data from European Union countries, businesses in the United States must self-certify that they comply with seven Safe Harbor Privacy Principles.

In this certification, businesses promise to:

  • Notify individuals about the collection of their personal data
  • Give them choices regarding certain uses of their personal data
  • Ensure the accuracy and integrity of their personal data
  • Allow access and if necessary, correction of their personal data
  • Protect the security of the personal data
  • Comply with restrictions on further transfers of the personal data
  • Provide an independent dispute resolution mechanism for privacy complaints concerning European personal data that they collect, receive or process

For more information about the Principles, please visit the Department of Commerce Safe Harbor website.