New Safe Harbor Process for Transfer of Personal Data Between US and EU

Tucker Arensberg, P.C.
Contact
LinkedIn
Facebook
X
Send
Embed

If your company does business in Europe — including by selling products or services or by employing or collecting information about European residents — and transfers information or data to the US, you must comply with new EU laws and regulations regarding the protection and transfer of personal data.  As of August 1, 2016, companies can register for the Privacy Shield program, which provides a safe harbor process for complying with EU requirements for the transfer of personal data from the EU to the US.

The Privacy Shield program is approved by the European Commission as a method for complying with EU law on data protection, and companies that sign up for the Privacy Shield program are deemed to provide adequate protection for the transfer of data.  The Privacy Shield program replaces the Safe Harbor Framework, which is no longer recognized as adequate to comply with EU law.  If your company formerly complied with EU law by implementing the Safe Harbor Framework, it is important that you register for and implement the Privacy Shield program immediately.

The Privacy Shield program is jointly administered by the United States Department of Commerce and the European Commission.  By registering for the program, companies must certify that they will comply with certain privacy principals and adopt minimum protections regarding personal data, such as:

— adopting a written privacy policy containing a declaration of the company’s commitment to the Privacy Shield principles;
— providing written notice to individuals about the use of their personal information and about any data breaches;
— informing individuals about their right to access their own personal data and the company’s obligation to disclose personal information in response to lawful request by public authorities;
— providing free resolution of disputes, typically through arbitration or mediation, regarding personal data;
— limiting the transfer, access to and retention of personal data;
— entering into written contracts with any third party data processors;
— implementing reasonable measures to ensure that data is adequately protected from unauthorized access or disclosure; and
— taking reasonable steps to prevent, stop and remediate unauthorized access to or processing of data.

Although participation in the Privacy Shield program is voluntarily, a company may violate US law if it fails to follow its own policies and procedures regarding the protection and transfer of personal information.  Thus, a company must carefully plan, implement and observe its data protection policies and procedures in order to maintain compliance with US and EU law.

You can learn more and register for the Privacy Shield program at https://www.privacyshield.gov

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Tucker Arensberg, P.C. | Attorney Advertising

Written by:

Tucker Arensberg, P.C.
Tucker Arensberg, P.C.
Contact
more
less

Tucker Arensberg, P.C. on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide