After Safe Harbor, the international data transfer law used by the United States and the European Union was invalidated and the Department of Commerce and the EU Commission worked to draft a new agreement to give additional rights to EU citizens with respect to their personal information when transferred to the United States. On July 12, 2016, the United States and the European Union agreed to a new framework for the exchange of personal data for commercial purposes called the “Privacy Shield,” which was created to replace Safe Harbor.
For compliance purposes, those participating and self-certifying with Privacy Shield must comply with seven principles set forth in the adequacy decision (the “Privacy Shield Principles”) including Notice, Choice, Security, Data Integrity and Purpose Limitation, Access, Accountability for Onward Transfers and Recourse, Enforcement, and Liability. The Privacy Shield Principles mirror those in the Safe Harbor framework, but each is expanded to offer greater protection for individuals.
Due to the heightened obligations, those participating companies that intend to certify and accept data from individuals in the EU should update their policies to reflect the changes in the Privacy Shield Principles as well as review their current contractor, supplier and/or vendor agreements to ensure compliance.
Melody Ashby is a Senior Attorney at Meyer Law, one of the fastest growing law firms in the United States. Melody helps companies with corporate and securities matters, trademarks, contracts, employment matters and capital raises. Melody is a mentor at tech incubators and accelerators across the United States. Learn more about Meyer Law here on our website + follow us on Instagram @loveyourlawyer