Peter Fleischer writes:
Why is the Safe Harbor framework still relevant? Here’s a reminder: the Safe Harbor framework was created because of a quirk in European law dating from 1995 that divided the countries of the world into so-called “adequate” and not-“adequate”, in terms of having European style data protection. Countries like the US and Japan are not currently deemed to have “adequate” protections under EU law, but other countries like Argentina and Mexico and Israel are. It’s a fair question whether the criteria to assess “adequacy” are themselves realistic or out-dated. Essentially, the criteria area formalistic: e.g., does a country have a European-style “independent data protection authority” and European-style “comprehensive” privacy legislation? So, countries that do not, like Japan and the US, are not deemed to have “adequate” data protection, but countries like Mexico, Argentina or Israel are. The Safe Harbor framework constitutes an “adequacy” regime for the US-based companies that comply with it. Therefore, the Safe Harbor framework is a partial solution to a bigger “adequacy” problem.
Read more on Peter Fleischer: Privacy…?