On July 12, 2016, the European Union formally adopted the revamped EU-U.S. Privacy Shield. This new framework protects the fundamental rights of anyone in the EU whose personal data is transferred to the United States, and will provide legal clarity for businesses relying on transatlantic data transfers. The program is a replacement for the now invalid EU-U.S. “Safe Harbor.”
The Privacy Shield Framework provides:
- a set of protections for the personal data of EU individuals;
- transparency regarding how participating companies use personal data;
- strong U.S. government oversight; and
- increased cooperation with EU data protection authorities.
Joining the Privacy Shield Framework is voluntary. To join, U.S. companies must self-certify to the Department of Commerce and commit to comply with the Framework’s requirements. Once a company makes the commitment to comply, it will become enforceable under U.S. law.
The Department of Commerce will allow companies time to review the Framework and update their compliance programs. On August 1, the Department will begin accepting self-certifications.
The U.S. Department of Commerce has provided a fact sheet that explains the Privacy Shield Framework and the key requirements for participating companies. For more information, visit the U.S. Department of Commerce website.