Tagged: European Data

New “Privacy Shield” for EU-U.S. Data Transfers Gains Acceptance by Europe and U.S. Regulators 0

New “Privacy Shield” for EU-U.S. Data Transfers Gains Acceptance by Europe and U.S. Regulators

As previously noted, in response to the European Court of Justice ruling in Schrems v. Data Protection Commissioner (Case C-362/14) striking down as inadequate the so-called “safe harbor” agreement that existed for more than a decade, the EU Commission and U.S. Department of Justice announced the framework of a deal to allow transatlantic data transfers between the EU and U.S. without running afoul of Europe’s strict data protection directives. Described as the EU-U.S. “Privacy Shield” agreement, that framework has now been vetted by EU Member States, modified in certain respects, and formally adopted on July 12, 2016 by the European Commission.

New “Privacy Shield” Agreement Seeks to Resurrect a Safe Harbor for EU-U.S. Data Transfers – Can it Succeed? 0

New “Privacy Shield” Agreement Seeks to Resurrect a Safe Harbor for EU-U.S. Data Transfers – Can it Succeed?

On February 2, 2016, the EU Commission and U.S. Department of Justice announced the framework of a deal to allow transatlantic data transfers between the EU and U.S. without running afoul of Europe’s strict data protection directives. It was appropriate that the announcement came on Groundhog Day, because we have been here before.

Nothing “Safe” About It: Companies That Falsely Certify Compliance with the U.S.- E.U Safe-Harbor Framework May Receive Years of Regulatory Oversight 0

Nothing “Safe” About It: Companies That Falsely Certify Compliance with the U.S.- E.U Safe-Harbor Framework May Receive Years of Regulatory Oversight

In 2000, the European Commission and U.S. Department of Commerce developed the so-called “U.S.-E.U. Safe-Harbor Framework” as a way to foster data transfer between the United States and E.U. countries notwithstanding concerns that U.S. privacy laws do not offer the same level of protection as E.U. laws with respect to personally identifiable information. As part of the safe-harbor framework, companies that choose to enter the program must publicly declare compliance with the safe-harbor requirements, which include adherence to seven privacy principles touching on the areas of notice, access, data integrity, individual choice (opt in/out rules), security, third-party transfer, and enforcement. The principle of “enforcement” includes making sure that procedures are in place to verify a company’s adherence to the rules and a sanctions regime sufficient to ensure compliance.