After Safe Harbor, the international data transfer law used by the United States and the European Union was invalidated and the Department of Commerce and the EU Commission worked to draft a new agreement to give additional rights to EU citizens with respect to their personal information when transferred to the United States. On July 12, 2016, the United States and the European Union agreed to a new framework for the exchange of personal data for commercial purposes called the “Privacy Shield,” which was created to replace Safe Harbor.
Upon first glance, Privacy Shield seems to resemble Safe Harbor; however, upon closer inspection, it is clear that Privacy Shield has implemented new standards of data protection, including adding stricter requirements and additional limitations on access to personal data. Similar to Safe Harbor, organizations certifying their compliance with Privacy Shield must meet the following criteria: (i) the participating companies must fall under the enforcement of the FTC or another US agency that is able to ensure compliance, (ii) publicize that it will only process data in accordance with the Privacy Shield Principles by self-certifying, (iii) make its privacy policy public, and (iv) actually implement the new Privacy Shield Principles.
For compliance purposes, those participating and self-certifying with Privacy Shield must comply with seven principles set forth in the adequacy decision (the “Privacy Shield Principles”) including Notice, Choice, Security, Data Integrity and Purpose Limitation, Access, Accountability for Onward Transfers and Recourse, Enforcement, and Liability. The Privacy Shield Principles mirror those in the Safe Harbor framework, but each is expanded to offer greater protection for individuals.
Due to the heightened obligations, those participating companies that intend to certify and accept data from individuals in the EU should update their policies to reflect the changes in the Privacy Shield Principles as well as review their current contractor, supplier and/or vendor agreements to ensure compliance.
Melody Ashby is a Senior Attorney at Meyer Law, one of the fastest growing law firms in the United States. Melody helps companies with corporate and securities matters, trademarks, contracts, employment matters and capital raises. Melody is a mentor at tech incubators and accelerators across the United States. Learn more about Meyer Law here on our website + follow us on Instagram @loveyourlawyer
