Category

Privacy Shield

Category

The European Union Commission (Commission) has issued a report on its findings from the third annual Privacy Shield review, which took place in September. In its report, the Commission confirmed that the EU-US Privacy Shield framework continues to ensure an adequate level of protection for personal data transferred from the EU to companies participating in the Privacy Shield program in the United States. In concluding its report, the Commission provided additional action items necessary to…

On September 8, 2017, three U.S. companies settled actions brought by the Federal Trade Commission (“FTC”) for misleading consumers about their participation in the EU – U.S. Privacy Shield Framework (“Privacy Shield”). These were the first Privacy Shield enforcement actions brought by the FTC. The Privacy Shield replaced the U.S. – EU Safe Harbor framework as the legal mechanism for transatlantic data flows in August 2016. It functions through a self-certification process by which U.S.…

United States Commerce Secretary Wilbur Ross and the Trump administration recently confirmed their commitment to the US-EU Privacy Shield (“Privacy Shield”) framework in meetings held with European Union Justice Commissioner Vera Jourova. Commissioner Jourova went to Washington to gain reassurance from the Trump administration that it would maintain its commitment to the Privacy Shield framework. In an interview on Thursday, Commissioner Jourova stated that Secretary Ross assured her that he understood the importance of Privacy…

On January 25, 2017, the U.S. President signed an Executive Order on “Enhancing Public Safety in the Interior of the United States” containing rules for government privacy policies pertaining to foreigners. This caused concerns in Europe, but should not affect the EU-U.S. Privacy Shield.Section 14 of the Executive Order is entitled “Privacy Act” and provides that “Agencies shall, to the extent consistent with applicable law, ensure that their privacy policies exclude persons who are not…

On January 11, 2017, the US and Swiss authorities announced their agreement on a new cross-border data transfer framework, the Swiss-US Privacy Shield Framework, to allow US companies to meet the requirements for transfers of personal data from Switzerland to the US. This new Framework, which will replace the existing US-Swiss Safe Harbor program, will begin accepting self-certifications from US companies starting on April 12, 2017. The Framework requirements were described by Swiss authorities as…

In a surprising turn of events, the New York State Department of Financial Services (“DFS”) announced on December 28 significant changes to its cybersecurity regulation in response to industry concerns that the agency’s original proposal was too prescriptive, and did not allow enough time for compliance.In September of 2016, DFS had proposed stringent cybersecurity requirements aimed at protecting “Nonpublic Information” within the custody or control of banks, insurers, and other financial institutions (“Covered Entities”) from…

Privacy Shield BackgroundIn August 2016, the EU-U.S. Privacy Shield replaced the Safe Harbor Program, which was invalidated on October 6, 2015 by the Court of Justice of the European Union (CJEU) in the Schrems decision, C-362/14. The EU-U.S. Privacy Shield provides companies with a mechanism to comply with international data transfer requirements under European data protection law when personal data is transferred from the EU to the U.S. The EU-U.S. Privacy Shield is based on…

With over 2,000 companies so far taking advantage of the EU-US Privacy Shield Arrangement to transfer information from the European Union to the US, a need certainly exists in the marketplace for compliance solutions to cross-border data flows. For companies transitioning over to Privacy Shield, or even those self-certifying to Privacy Shield for the first time, our team of privacy experts is here to assist in navigating this complex new framework. Below is a high-level checklist…

After much negotiation between the U.S. and European authorities, the Department of Commerce (DOC) began accepting applications to the EU-U.S. Privacy Shield Framework on August 1, 2016. Although there was considerable speculation about whether U.S. companies would participate in the program due to the possibility of legal challenges in Europe and the more stringent requirements of Privacy Shield over Safe Harbor, more than 75 companies have already completed the self-certification process, and many more have…

As of August 1, 2016, U.S. companies can now self-certify compliance to the EU-U.S. Privacy Shield (“Privacy Shield”) to the U.S. Department of Commerce (see https://www.privacyshield.gov/welcome). Privacy Shield is a new legal mechanism that provides “adequate protection” within the meaning of EU data protection laws for transatlantic data flows to the United States. Privacy Shield replaces the U.S.-EU Safe Harbor Arrangement (“Safe Harbor”) as a key mechanism for EU to U.S. data transfers, as the…