Date of publication: November 2016
The Privacy Shield was adopted by the European Commission on 12th July 2016 following the decision of the European Court of Justice to invalidate the previous Safe Harbor Framework governing transfers of personal data from the European Union to the United States.
The Privacy Shield is intended to increase the protection of personal data transferred from the EU to the US, and to facilitate a right to redress for data subjects whose personal data has been processed in a manner that is inconsistent with EU privacy laws.
As with the Safe Harbor regime, participating US organisations must self-certify their compliance with EU standards of data processing within their business activities, subject to which they are legally allowed to share data with EU organisations.
Under the new regime US organisations need to meet the following compliance measures:
It should be noted that, in connection with Privacy Shield, the US government has agreed in principle to assist in the prevention of mass surveillance of EU personal data; however, it remains to be seen how achievable this is in practice, having regard to US national security concerns.
Only certain organisations are entitled to self-certify under the Privacy Shield framework. US businesses that wish to join must be subject to the Federal Trade Commission or the Department of Transport (as appropriate). If a US business receives personal data from any EU member state, then in order to self-certify it must show that it has adequate measures in place to comply with EU privacy laws, which for the UK means the Data Protection Act 1998.
In order to join the list of Privacy Shield certified organisations, applicant organisations must demonstrate compliance with the principles of the Privacy Shield as follows:
Participating organisations are expected to self-regulate their activities through verification, dispute resolution and provision of remedies. As part of this process, any complaints received must be responded to within 45 days by the appointed handler.
If you are considering signing up to Privacy Shield or require information or assistance about your obligations under EU privacy laws, then please contact Ben Robson at email@example.com or on +44 (0)207 067 4300.
Disclaimer: This note does not contain a full statement of the law and it does not constitute legal advice. Please seek legal advice if you have any questions about the information set out above.
Copyright © 2013 - Oury Clark.