Much has been written recently regarding the European commission’s latest report on the sufficiency of the US – EU safe harbor agreement. For the most part, the commentary seems to be focused on the impending doomof the Safe Harbor Framework. While there are a number of references to the “13 recommendations” to “save” safe harbor, further investigation into what those recommendations will actually require is limited. Consequently, the difficulty of implementing these “13 recommendations” really hasn’t been evaluated. While the lucky “13” may seem to be a lot, the more important question is: “how hard will it be to implement these recommendations?”

Fortunately, the Commission’s memo recognizes the value of safe harbor. While there are observed weaknesses within the framework, much of the memo’s foundation for criticism actually relies on research that is at least two years old (and some of which goes back as far as 2004). As a result, it may be more constructive to look at the safe harbor framework in light of the services that exist around the framework in the present time.

The safe harbor framework, as originally envisioned, has three functional components: the Department of Commerce, the Federal Trade Commission, and the EU panel. However, as is the case in many instances, companies who are participating in the framework have a fourth stakeholder as part of the framework. This fourth entity is the Trustmark. Trustmark’s operate certification services by which a company obtains an independent, third-party evaluation as to their compliance with Trustmark’s certification program requirements.

For purposes of the safe harbor framework, the certification criteria of the Trustmark gives additional granularity to how a participating company must implement the safe harbor principles. This additional guidance actually operates to support one of the complaints registered by the commissions memo. I think that with a more formal(ish) recognition of the role of a Trustmark in the Safe Harbor Framework, a number of the “13 Recommendations” can be easily implemented – if they are not already there.

As part of this series of blog postings, I will look at each of the specific recommendations through the lens of having a Trustmark as part of the Framework. In fact, Trustmarks are already part of the Framework. TRUSTe, which is the second largest provider of independent recourse mechanism services has a certification program which is directly related to Safe Harbor.

With the full disclosure that I used to be TRUSTe’s General Counsel; looking at the recommendations in light of how TRUSTe provides certification and dispute resolution services is quite informative as to the difficulty the “13 Recommendations” will provide.

Over the next few posts, I’ll look at the 4 major topical areas that the recommendations cover. Hopefully, by the end of this series, I will have laid out the reasons why I don’t think that the Safe Harbor Framework itself is at risk. This doesn’t mean that the issue of resource allocation by the US (or EU) government will be resolved; merely that the Framework is already capable of integrating the majority of the proposed recommendations.