On July 12, 2016, the European Commission reported the formal adoption of the EU-US Privacy Shield Framework (Privacy Shield), which governs the transfer of data between the EU and the US. As previously reported in E-TIPS® newsletter, the new privacy framework was announced earlier this year.
Privacy Shield is intended to replace the Safe Harbour Privacy Agreement, which was declared to provide inadequate privacy protection by the European Court of Justice in its judgment dated October 6, 2015.
While many aspects of Privacy Shield are the same as the Safe Harbour scheme, there are some important differences.
For example, while the certification and annual re-certification processes remain the same, the Department of Commerce will now monitor compliance through, among other things, audits of companies that are Privacy Shield certified (for example, via questionnaires).
While many notice requirements remain the same, the Privacy Shield notice principles now also notably include an obligation for the organization to inform individuals about:
For further information on Privacy Shield, please see:
Summary By: Michael House
Disclaimer: This Newsletter is intended to provide readers with general information on legal developments in the areas of e-commerce, information technology and intellectual property. It is not intended to be a complete statement of the law, nor is it intended to provide legal advice. No person should act or rely upon the information contained in this newsletter without seeking legal advice.
E-TIPS is a registered trade-mark of Deeth Williams Wall LLP.