Do You Want Milk with Those Cookies? Complying with the Safe Harbor Privacy Principles

This Note discusses the Safe Harbor Agreement between the United States and the European Union. Certifying to the Safe Harbor grants companies a presumption of "adequacy" for purposes of the European Union's Council Directive on the Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of Such Data (Data Protection Directive). This Note attempts to provide a foundation for understanding why and how the Safe Harbor was created. This Note explains how and why available information acquisition techniques, both voluntary and involuntary, are frequently employed by Web sites. It provides an overview of how consumers' privacy expectations regarding commercial and governmental use of personal information compare to and differ from actual privacy rights in the United States. This Note then summarizes the European Union's Data Protection Directive, and its implementation in Member States. It discusses previous attempts at Internet regulation in the United States. In addition, it analyzes the requirements of the Safe Harbor Agreement and the steps companies will need to take to comply with the Safe Harbor Agreement.