After Safe Harbor, the international data transfer law used by the United States and the European Union was invalidated and the Department of Commerce and the EU Commission worked to draft a new agreement to give additional rights to EU citizens with respect to their personal information when transferred to the United States. On July 12, 2016, the United States and the European Union agreed to a new framework for the exchange of personal data for commercial purposes called the “Privacy Shield,” which was created to replace Safe Harbor.
For compliance purposes, those participating and self-certifying with Privacy Shield must comply with seven principles set forth in the adequacy decision (the “Privacy Shield Principles”) including Notice, Choice, Security, Data Integrity and Purpose Limitation, Access, Accountability for Onward Transfers and Recourse, Enforcement, and Liability. The Privacy Shield Principles mirror those in the Safe Harbor framework, but each is expanded to offer greater protection for individuals.
Due to the heightened obligations, those participating companies that intend to certify and accept data from individuals in the EU should update their policies to reflect the changes in the Privacy Shield Principles as well as review their current contractor, supplier and/or vendor agreements to ensure compliance.
Melody Ashby is a Senior Attorney at Meyer Law, a woman-owned, forward-thinking boutique law firm specializing in helping entrepreneurs and technology companies from startups to fortune 500’s with corporate, contracts, employment and intellectual property matters in Technology, Telecom, FinTech, EdTech, AdTech, HealthTech, Internet of Things, Financial Services, Telecom, Social Media, Real Estate, Marketing, Advertising and Healthcare sectors. Melody is a mentor at tech incubators and accelerators across the United States. Learn more at www.MeetMeyerLaw.com and follow us on Twitter @TheTriciaMeyer and @LoveYourLawFirm.