March 1, 2016

EU-U.S. Privacy Shield Details Announced

+ Follow Contact

Send

Embed

The full text of the EU-U.S. Privacy Shield (“Privacy Shield”) framework is now available. Privacy Shield was “designed by the U.S. Department of Commerce and European Commission to provide companies on both sides of the Atlantic with a mechanism to comply with EU data protection requirements when transferring personal data from the European Union to the United States in support of transatlantic commerce.” (See Fact Sheet)

Below is a non-exhaustive list of “quick facts” about Privacy Shield:

It remains a voluntary self-certification program, similar to the now defunct Safe Harbor program.
Applications for certification are not currently being accepted. The Department of Commerce will begin accepting applications for certification pending the European Commission’s adequacy determination. This approval process is underway. No word yet on the cost of self-certification.
The Privacy Shield Principles are anchored on the following concepts: notice; choice; accountability for onward transfer; security, data integrity and purpose limitation; access; recourse, enforcement and liability. In addition, there is a section entitled “Supplemental Principles” which covers topics such as sensitive data and human resources data.
Individuals may bring a complaint directly to a Privacy Shield participant and the participant must respond to the individual within 45 days.
Privacy Shield participants must also commit to binding arbitration at the request of the individual to address any complaint that has not been resolved by other recourse and enforcement mechanisms.
Expect greater involvement of the Department of Commerce as well as Federal Trade Commission with respect to oversight, supervision and enforcement.
Privacy Shield participants must include certain information on their websites related to the program (e.g., access and correction rights, whether personal information is disclosed to public authorities, and information about the independent recourse mechanism).

For more information, read the AGG Alert by my colleagues Kevin Coy and Gene Burd.

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

Written by:

Arnall Golden Gregory LLP

Contact + Follow

Montserrat Miller

+ Follow

less

Published In:

+ Follow

EU-US Privacy Shield

+ Follow

European Commission

+ Follow

Federal Trade Commission (FTC)

+ Follow

International Data Transfers

+ Follow

Popular

+ Follow

U.S. Commerce Department

+ Follow

General Business

+ Follow

Elections & Politics

+ Follow

International Trade

+ Follow

Privacy

+ Follow

Science, Computers & Technology

+ Follow

less

Arnall Golden Gregory LLP on:

EU-U.S. Privacy Shield Details Announced

Related Posts

Latest Posts

Written by:

Published In:

Arnall Golden Gregory LLP on:

"My best business intelligence, in one easy email…"