European Union Approves EU-US Privacy Shield

By Michael Klazema on 7/15/2016

The European Union (EU) approved the EU-US Privacy Shield, a framework designed to replace the now-defunct Safe Harbor, on Tuesday. The approval ends months of “Will they? Won’t they?” as certain European entities roundly endorsed the framework while others came out squarely against it. Now that the EU has endorsed the Privacy Shield, the US Commerce Department is moving fast to get it launched. Commerce will begin accepting applications for Privacy Shield on August 1, and the Shield takes effect immediately.

What follows are the key requirements of the EU-US Privacy Shield:

  • Companies to self-certify. Being a member of the Privacy Shield is optional; however, participants who do join must self-certify with the Commerce Department and publicly declare their commitment to comply. Once the company makes the public declaration, that commitment is enforceable under US law.
  • Free Dispute Resolution. With a nod to the FCRA, Privacy Shield requires a free and accessible disputes process for individuals; participating companies must respond within 45 days.
  • Data limitation. Participants must commit to limiting the use of the data collected, which is consistent with European privacy principles.
  • Greater accountability for data transferred to third parties. Privacy Shield participants must ensure through process and contractual means that data transferred to their parties is handled with the same level of commitment to the Shield.
  • Ongoing commitment to data protection. Even if a company decides to leave the Privacy Shield, it must continue to protect the information it collected while it was a participant.

The Privacy Shield is similar to the Safe Harbor framework it replaces. It does, however, resolve the most common Safe Harbor complaints which typically centered on the wide surveillance berth perceived to be taken by government and law enforcement communities. 

What This Means: 

The EU approval means that US companies now have a clear path forward in creating data privacy programs that actually comply with European standards. Rather than an outright rejection of everything Safe Harbor, Privacy Shield holds many of the same fundamental principles that were present in the now-defunct framework. It does provide more clear guidance in areas such as individual complaints, information sharing with government agencies and verification of compliance with privacy principles.

What You Should Do:

Tag Cloud
Recent Posts

Latest News

  • January 17 As part of efforts to foster more opportunities to work for those with criminal records, many states make allowances for expunging records. Pennsylvania has joined their ranks with a slightly different program.
  • January 15 A viral news story at The Cleveland Clinic has reignited the debate over social media background checks. The hospital recently fired a medical resident with a history of anti-Semitic tweets.
  • January 10 To remain a competitive employment option for retail workers, Best Buy will begin offering childcare options for parents. 
  • January 07 The rise of the "gig economy" was rapid, and questions about safety for users of these new services grew along with the industry. Background check policies in the gig economy can be unclear or unevenly applied, leading to barriers for some seeking jobs.
  • January 04 A new service that offers background checks for babysitters has come under fire for racial bias, invasion of privacy, and non-compliance with FCRA requirements. Predictim has paused its launch due to controversy.
  • December 21 Everyone with a driver’s license has a driving record. Here are some of the details that can be discovered or verified through a driving report records check.
  • December 20 Trust between patient and practitioner is a critical part of a strong healthcare system. An investigation uncovered hundreds of doctors practicing in new locations after giving up their licenses following serious mistakes.
  • December 18 Professional license verification checks help ensure that job candidates have the licenses or certifications necessary for certain positions. Here’s how they work.
  • December 17 When it comes to hiring new employees, Providence Wireless relies on for help with the vetting process.
  • December 13

    As the food truck fad proves it has staying power, many local governments have looked for ways to protect their communities without constraining economic activity. The effort to strike the right balance is ongoing.