EU-U.S. Privacy Shield Framework
On July 12, 2016 the EU adopted the EU-U.S. Privacy Shield Framework which was negotiated by the EU and U.S. Department of Commerce. This new framework replaces the U.S.-EU Safe Harbor Framework and preserves data flows between the European Union and United States.
The U.S. Department of Commerce indicates that it will begin accepting new applications under the Shield framework on August 1st, 2016. Companies interested in self-certifying under the Privacy Shield Framework should begin reviewing the new requirements and creating a Privacy Shield compliant notice and incorporating these principles into its corporate practices. DMA shall serve as a dispute resolution provider under the EU-US Privacy Shield program (as it has done for Safe Harbor since inception.) Please see below for compliance and application materials.
The Privacy Shield Framework provides a set of robust and enforceable protections for the personal data of EU individuals. The Framework provides transparency regarding how participating companies use personal data, strong U.S. government oversight, and increased cooperation with EU data protection authorities (DPAs). The Privacy Shield Framework offers EU individuals’ access to multiple avenues to address any concerns regarding participants’ compliance with the Framework, including free dispute resolution which the DMA provides to participating member companies.
It is important to note that neither the DMA Shield Program nor the DMA Safe Harbor Program cover issues relating to the transfer of human resources data. However, the transfer of such data does fall under the frameworks and you must select DPAs as your independent third party dispute provider for this type of data. The DMA Shield & Safe Harbor Programs cover all other types of data.
While joining the Privacy Shield Framework will be voluntary, once an eligible company makes the public commitment to comply with the Framework’s requirements, the commitment will become enforceable under U.S. law. All companies interested in joining the Privacy Shield Framework should review its requirements in their entirety. To assist in that effort, key new elements are outlined in the right-hand column. Please review your data flows and privacy practices with your legal counsel to ensure that your program is meeting the Shield requirements. The information provided by DMA is for your background and overall guidance and should not be considered as legal advice for your specific company’s needs.
Apply for Privacy Shield Dispute Resolution Services
U.S.-Swiss Safe Harbor Framework
Effective February 16th, 2009 data transferred, collected, processed and/or imported from Switzerland is covered under the U.S.-Swiss safe harbor framework. The U.S. Department of Commerce is under negotiations with Switzerland to implement a Swiss-U.S. Privacy Shield Program. In the meantime, the U.S.-Swiss Safe Harbor Framework is still a valid means of data transfer.
If your organization transfers data from Switzerland to the U.S. and you would like it to be covered under the Safe Harbor framework then you would need to review the U.S.-Swiss Safe Harbor principles and FAQs posted on the U.S. Department of Commerce’s website at www.export.gov/safeharbor. Participation by companies in the U.S.-Swiss safe harbor framework is completely voluntary. However, if your company decides to take advantage of the safe harbor framework, then you must:
- Comply with the seven safe harbor principles (notice, choice, onward transfer, access, security, data integrity and enforcement);
- Review the 15 frequently asked questions prepared by the U.S. Department of Commerce;
- Certify to the U.S. Department of Commerce that you have implemented and comply with the safe harbor principles;
- Have in-house and third-party dispute and enforcement mechanisms in place to ensure your compliance; and
- Continue to adhere to the safe harbor principles for data collected while participating in the framework, even if your company decides to leave the framework at a later date. This information must always be protected by the safe harbor principles even if your company decides to no longer participate in the program.
Apply for Safe Harbor Dispute Resolution Services