March 22, 2016
(Note: This article is an update on our first article about Privacy Shield posted in the February 2016 edition of GZ News.)
~By Ted Haas, Global-Z Chief Marketing Officer (CMO)
On February 2nd, 2016 the US Department of Commerce and European Commission issued a press release that outlined some key changes to the EU-US Safe Harbor; now dubbed the “Privacy Shield.” This agreement replaces Safe Harbor, which was declared invalid on October 6th, 2015.
Here are some of the key updates since this major decision has been announced.
Overview: What is Privacy Shield?
- It is a robust framework under which personal data of EU individuals will be protected when it is transferred to the US.
- It replaces Safe Harbor –declared invalid by EU Court October 6th, 2015.
- It is a voluntary self-certification to the US Dept. of Commerce.
- Once a company publically commits to Privacy Shield, it is enforceable under US law.
- It includes multiple avenues of redress to resolve complaints.
- Privacy Shield companies must select an independent dispute resolution organization.
- Panel created by the EU Data Protection Authorities (DPA’s).
- Accredited organization in EU.
- Accredited organization in US.
- There are special provisions for HR personal information.
- It is a ‘living commitment’ with annual review.
- Privacy Shield will be effective with final approval of European Commission (est. June 2016).
7 Principles and 16 Supplemental Principles define the core provisions of the Privacy Shield framework.
- Accountability for Onward Transfer
- Data Integrity and Purpose Limitations
- Recourse, Enforcement and Liability
16 Supplemental Principles:
- Sensitive Data
- Journalistic exceptions
- Secondary Liability
- Performing Due Diligence and Conducting Audits
- Role of the Data Protection Authorities
- Self – Certification
- Human Resource Data
- Obligatory Contracts for Onward Transfers
- Dispute Resolution and Enforcement
- Choice-Timing of Opt Out
- Travel Information
- Pharmaceutical and Medical Products
- Public Record and Publicly Available Information
- Access Requests by Public Authorities
If you would like to discuss Privacy Shield in greater detail and/or the specific impact on your company feel free to contact us any time.
The US Department of Commerce has issued a “Fact Sheet” overview of the EU-US Privacy Shield Framework it can be found here.
Privacy Shield will be complex; we strongly recommend consulting legal counsel with international privacy law expertise.