Safe harbor (law)

A safe harbor is a provision of a statute or a regulation that specifies that certain conduct will be deemed not to violate a given rule. It is usually found in connection with a more-vague, overall standard. By contrast, "unsafe harbors" describe conduct that will be deemed to violate the rule.

For example, in the context of a statute that requires drivers to "not drive recklessly", a clause specifying that "driving under 25 miles per hour will be conclusively deemed not to constitute reckless driving" is a "safe harbor". Likewise, a clause saying that "driving over 90 miles per hour will be conclusively deemed to constitute reckless driving" would be an "unsafe harbor". In this example, driving between 25 miles per hour and 90 miles per hour would fall outside of either a safe harbor or an unsafe harbor, and would thus be left to be judged according to the vague "reckless" standard.

Theoretical justifications

Safe harbors have been promoted by legal writers as reducing the uncertainty created by simply employing a vague standard (such as "recklessness"). [1] On the other hand, this type of rule formulation also avoids the problem of creating a precise rule that leaves a judge with no available discretion to allow for "hard cases". [2]:14–21 In theory, the safe harbor formulation can combine the virtues of vague standards and precise rules, allowing legislatures to prescribe with certainty the advance outcome for specific foreseeable cases, and to leave to judges to decide the cases that remain. [2]:16–18

Criticisms

Safe harbors can create precise rules that will be applied in unintended ways. For example, driving under 25 miles per hour in a 60 MPH zone when not required by traffic or other conditions could be reckless driving.

United States

Safe harbor provisions appear in a number of laws and in many contracts. An example of safe harbor in a real estate transaction is the performance of a Phase I Environmental Site Assessment by a property purchaser, which creates a "safe harbor" protecting the new owner if, in the future, contamination caused by a prior owner is found. Another common use of safe harbor is to protect management of a corporation from liability for making financial projections and forecasts in good faith. [3]

The Digital Millennium Copyright Act (DMCA) has notable safe-harbor provisions which protect Internet service providers from the consequences of their users' actions. (Similarly, the EU directive on electronic commerce contains a "mere conduit" provision which, while not exactly the same, serves much the same function as the DMCA safe harbor in this instance.)

In the context of environmental protection, a voluntary safe harbor agreement can be undertaken between property owners and the United States Fish and Wildlife Service (FWS) or the National Oceanic and Atmospheric Administration (NOAA) under which a property owner undertakes actions that protect and aid the recovery of an endangered species protected under the Endangered Species Act with habitat on their property. In exchange, the FWS or NOAA promises not to require any additional or different conservation activities on the property without the property holder's consent. When the agreement expires, the property owner is permitted to return the landscape to its original baseline condition if they so desire. [4]

Safe harbor laws are being used across the United States to address how children are treated when they become victims of human trafficking and commercial sexual exploitation of children (CSEC). These laws are being used in New York, Florida and 20 other states (as of 2014) to "address the inconsistent treatment" that children receive after they are exploited sexually. The laws are used to ensure exploited children are treated as "victims", not as "criminals". [5]

European Union

There is an example of a safe harbor decision in reference to the EU Data Protection Directive. The Directive sets comparatively strict privacy protections for EU citizens. It prohibits European firms from transferring personal data to overseas jurisdictions with weaker privacy laws. Five years later, a decision created exceptions where foreign recipients of the data voluntarily agreed to meet EU standards under the International Safe Harbor Privacy Principles. In October 2015, following a court decision by the Court of Justice of the European Union, the safe harbor agreement between the EU and US was declared invalid on the grounds that the US was not supplying an equally adequate level of protection against surveillance for data being transferred there.

India

Safe harbor rules are part of the taxation laws in India under which multinational companies declaring certain minimum operational profits will not be subject to rigorous transfer pricing audits. [6] The rules were issued in June 2017 amending the earlier notification from 2013. The current safe harbor rules lower the minimum operation profits declared by software development and ITeS companies, to avoid an audit, to 17-18% depending on the previous year's turnover. For KPO companies, safe harbor rates are set at 18-24%. [7] These rates are effective for the Assessment Years 2017–18 to 2019–20.

Related Research Articles

Information privacy is the relationship between the collection and dissemination of data, technology, the public expectation of privacy, contextual information norms, and the legal and political issues surrounding them. It is also known as data privacy or data protection.

Data Protection Directive: EU directive on the processing of personal data

The Data Protection Directive, officially Directive 95/46/EC, enacted in October 1995, was a European Union directive which regulated the processing of personal data within the European Union (EU) and the free movement of such data. The Data Protection Directive was an important component of EU privacy and human rights law.

Anti-circumvention refers to laws which prohibit the circumvention of technological barriers for using a digital good in certain ways which the rightsholders do not wish to allow. The requirement for anti-circumvention laws was globalized in 1996 with the creation of the World Intellectual Property Organization's Copyright Treaty.

A privacy policy is a statement or legal document that discloses some or all of the ways a party gathers, uses, discloses, and manages a customer or client's data. Personal information can be anything that can be used to identify an individual, not limited to the person's name, address, date of birth, marital status, contact information, ID issue, and expiry date, financial records, credit information, medical history, where one travels, and intentions to acquire goods and services. In the case of a business, it is often a statement that declares a party's policy on how it collects, stores, and releases personal information it collects. It informs the client what specific information is collected, and whether it is kept confidential, shared with partners, or sold to other firms or enterprises. Privacy policies typically represent a broader, more generalized treatment, as opposed to data use statements, which tend to be more detailed and specific.

A safe harbor or harbour is literally a "place of shelter and safety, esp. for ships". It is used in many contexts:

Personal data, also known as personal information or personally identifiable information (PII), is any information related to an identifiable person.

Information privacy, data privacy or data protection laws provide a legal framework on how to obtain, use and store data of natural persons. The various laws around the world describe the rights of natural persons to control who is using their data. This usually includes the right to get details on which data is stored and for what purpose, and to request its deletion in case the purpose is not given anymore.

The International Safe Harbor Privacy Principles or Safe Harbour Privacy Principles were principles developed between 1998 and 2000 in order to prevent private organizations within the European Union or United States which store customer data from accidentally disclosing or losing personal information. They were overturned on October 6, 2015, by the European Court of Justice (ECJ), which enabled some US companies to comply with privacy laws protecting European Union and Swiss citizens. US companies storing customer data could self-certify that they adhered to 7 principles, to comply with the EU Data Protection Directive and with Swiss requirements. The US Department of Commerce developed privacy frameworks in conjunction with both the European Union and the Federal Data Protection and Information Commissioner of Switzerland.

Privacy law is the body of law that deals with the regulating, storing, and using of personally identifiable information, personal healthcare information, and financial information of individuals, which can be collected by governments, public or private organisations, or other individuals. It also applies in the commercial sector to things like trade secrets and the liability that directors, officers, and employees have when handling sensitive information.

Information technology risk, IT risk, IT-related risk, or cyber risk is any risk relating to information technology. While information has long been appreciated as a valuable and important asset, the rise of the knowledge economy and the Digital Revolution has led to organizations becoming increasingly dependent on information, information processing and especially IT. Various events or incidents that compromise IT in some way can therefore cause adverse impacts on the organization's business processes or mission, ranging from inconsequential to catastrophic in scale.

Online Copyright Infringement Liability Limitation Act: 1998 U.S. federal law

The Online Copyright Infringement Liability Limitation Act (OCILLA) is United States federal law that creates a conditional 'safe harbor' for online service providers (OSP), a group which includes Internet service providers (ISP) and other Internet intermediaries, by shielding them for their own acts of direct copyright infringement as well as shielding them from potential secondary liability for the infringing acts of others. OCILLA was passed as a part of the 1998 Digital Millennium Copyright Act (DMCA) and is sometimes referred to as the "Safe Harbor" provision or as "DMCA 512" because it added Section 512 to Title 17 of the United States Code. By exempting Internet intermediaries from copyright infringement liability provided they follow certain rules, OCILLA attempts to strike a balance between the competing interests of copyright owners and digital users.

Digital Millennium Copyright Act: United States copyright law

The Digital Millennium Copyright Act (DMCA) is a 1998 United States copyright law that implements two 1996 treaties of the World Intellectual Property Organization (WIPO). It criminalizes production and dissemination of technology, devices, or services intended to circumvent measures that control access to copyrighted works. It also criminalizes the act of circumventing an access control, whether or not there is actual infringement of copyright itself. In addition, the DMCA heightens the penalties for copyright infringement on the Internet. Passed on October 12, 1998, by a unanimous vote in the United States Senate and signed into law by President Bill Clinton on October 28, 1998, the DMCA amended Title 17 of the United States Code to extend the reach of copyright, while limiting the liability of the providers of online services for copyright infringement by their users.

Notice and take down is a process operated by online hosts in response to court orders or allegations that content is illegal. Content is removed by the host following notice. Notice and take down is widely operated in relation to copyright infringement, as well as for libel and other illegal content. In United States and European Union law, notice and takedown is mandated as part of limited liability, or safe harbour, provisions for online hosts. As a condition for limited liability online hosts must expeditiously remove or disable access to content they host when they are notified of the alleged illegality.

The German Bundesdatenschutzgesetz (BDSG) is a federal data protection act, that together with the data protection acts of the German federated states and other area-specific regulations, governs the exposure of personal data, which are manually processed or stored in IT systems.

The Agreement between the United States of America and the European Union on the use and transfer of Passenger Name Records to the United States Department of Homeland Security is an international agreement between the United States of America and the European Union that was signed on 14 December 2011 for the purpose of providing passenger name records (PNR) from air carriers operating passenger flights to the United States Department of Homeland Security to "ensure security and to protect the life and safety of the public".

Columbia Pictures Industries, Inc. v. Fung

Columbia Pictures Industries, Inc. v. Fung 710 F.3d 1020 No. 10-55946, was a United States Court of Appeals for the Ninth Circuit case in which seven film studios including Columbia Pictures Industries, Inc., Disney and Twentieth Century Fox sued Gary Fung, the owner of isoHunt Web Technologies, Inc., for contributory infringement of their copyrighted works. The panel affirmed in part and vacated in part the decision of United States District Court for the Central District of California that the services and websites offered by isoHunt Web Technologies allowed third parties to download infringing copies of Columbia's works. Ultimately, Fung had "red flag knowledge" of the infringing activity on his systems, and therefore IsoHunt was held ineligible for the Digital Millennium Copyright Act § 512(c) safe harbor.

Max Schrems: Austrian author and privacy activist

Maximilian Schrems is an Austrian activist, lawyer, and author who became known for campaigns against Facebook for its privacy violations, including violations of European privacy laws and the alleged transfer of personal data to the US National Security Agency (NSA) as part of the NSA's PRISM program. Schrems is the founder of NOYB – European Center for Digital Rights.

The EU–US Privacy Shield was a legal framework for regulating transatlantic exchanges of personal data for commercial purposes between the European Union and the United States. One of its purposes was to enable US companies to more easily receive personal data from EU entities under EU privacy laws meant to protect European Union citizens. The EU–US Privacy Shield went into effect on 12 July 2016 following its approval by the European Commission. It was put in place to replace the International Safe Harbor Privacy Principles, which were declared invalid by the European Court of Justice in October 2015. The ECJ declared the EU–US Privacy Shield invalid on 16 July 2020, in the case known as Schrems II. In 2022, leaders of the US and EU announced that a new data transfer framework called the Trans-Atlantic Data Privacy Framework had been agreed to in principle, replacing Privacy Shield. However, it is uncertain what changes will be necessary or adequate for this to succeed without facing additional legal challenges.

Contributory copyright infringement is a way of imposing secondary liability for infringement of a copyright. It is a means by which a person may be held liable for copyright infringement even though he or she did not directly engage in the infringing activity. In the United States, the Copyright Act does not itself impose liability for contributory infringement expressly. It is one of the two forms of secondary liability apart from vicarious liability. Contributory infringement is understood to be a form of infringement in which a person is not directly violating a copyright but induces or authorises another person to directly infringe the copyright.

NOYB: European data protection advocacy group

NOYB – European Center for Digital Rights is a non-profit organization based in Vienna, Austria established in 2017 with a pan-European focus. Co-founded by Austrian lawyer and privacy activist Max Schrems, NOYB aims to launch strategic court cases and media initiatives in support of the General Data Protection Regulation (GDPR), the proposed ePrivacy Regulation, and information privacy in general. The organisation was established after a funding period during which it has raised annual donations of €250,000 by supporting members. Currently, NOYB is financed by more than 4,400 supporting members.

References

  1. Swire, Peter (1993), "Safe Harbors and a Proposal to Improve the Community Reinvestment Act", Virginia Law Review, vol. 79, no. 349
  2. Stumpff, Andrew Morrison (July 18, 2013), Case Law, Systematic Law, and a Very Modest Suggestion, doi:10.2139/ssrn.2295245, SSRN 2295245
  3. https://www.investopedia.com/terms/s/safeharbor.asp
  4. "Safe Harbor Agreements for Private Landowners" (PDF). U.S. Fish and Wildlife Service. July 2011. Retrieved February 27, 2017. This article incorporates text from this source, which is in the public domain.
  5. Trudy Novicki. "Addressing Human Trafficking – Unifying the Response to Commercial Sexual Exploitation of Children". CSEC Response.
  6. Prasad, Gireesh Chandra (June 8, 2017). "Income tax dept rationalises 'safe harbour' rates for MNCs". livemint.com/. Retrieved August 29, 2017.
  7. "KPMG" (PDF).