European Union Approves EU-US Privacy Shield

By Michael Klazema on 7/15/2016

The European Union (EU) approved the EU-US Privacy Shield, a framework designed to replace the now-defunct Safe Harbor, on Tuesday. The approval ends months of “Will they? Won’t they?” as certain European entities roundly endorsed the framework while others came out squarely against it. Now that the EU has endorsed the Privacy Shield, the US Commerce Department is moving fast to get it launched. Commerce will begin accepting applications for Privacy Shield on August 1, and the Shield takes effect immediately.

What follows are the key requirements of the EU-US Privacy Shield:

  • Companies to self-certify. Being a member of the Privacy Shield is optional; however, participants who do join must self-certify with the Commerce Department and publicly declare their commitment to comply. Once the company makes the public declaration, that commitment is enforceable under US law.
  • Free Dispute Resolution. With a nod to the FCRA, Privacy Shield requires a free and accessible disputes process for individuals; participating companies must respond within 45 days.
  • Data limitation. Participants must commit to limiting the use of the data collected, which is consistent with European privacy principles.
  • Greater accountability for data transferred to third parties. Privacy Shield participants must ensure, through process and contractual means, that data transferred to third parties is handled with the same level of commitment to the Shield.
  • Ongoing commitment to data protection. Even if a company decides to leave the Privacy Shield, it must continue to protect the information it collected while it was a participant.

The Privacy Shield is similar to the Safe Harbor framework it replaces. It does, however, resolve the most common Safe Harbor complaints, which typically centered on the wide surveillance berth perceived to be taken by government and law enforcement communities.

What This Means: 

The EU approval means that US companies now have a clear path forward in creating data privacy programs that actually comply with European standards. Rather than an outright rejection of everything Safe Harbor, Privacy Shield holds many of the same fundamental principles that were present in the now-defunct framework. It does provide clearer guidance in areas such as individual complaints, information sharing with government agencies, and verification of compliance with privacy principles.

What You Should Do:
