Re: [Hampshire] Due Diligence of Service Providers

Author: Vic
Date:  
To: hampshire
Subject: Re: [Hampshire] Due Diligence of Service Providers

>> Note that the US is *not* on the list of countries with an adequate
>> level of protection...
>
> There exists a solution to this called the US Safe Harbor Framework:
> http://www.export.gov/safeharbor/eu/eg_main_018365.asp


Sort of.

"Safe Harbor" is only available to US organisations, so you need to check
that you're actually covered. Then it gets interesting[1]...

SH is largely based on self-certification, and apparently isn't being
audited all that carefully. Exporting data from the EEA to a
self-certified but non-conforming organisation is a legal minefield - in
essence, you're almost certainly in breach of the DPA.

So yes - there is a mechanism there, but I'd want an awful lot of good
lawyering before I'd use it.

Vic.

[1] See, for example, http://www.out-law.com/page-11060