April 24, 2017

April 21, 2017

Subscribe to Latest Legal News and Analysis

Privacy Shield Approaches 2,000 Participants; Review Scheduled for September

Nearly 2,000 organizations are now listed as self-certified to the EU-U.S. Privacy Shield on the Department of Commerce’s (“Commerce”) Privacy Shield website.  Given current developments on both sides of the Atlantic, there are likely to be significant Privacy Shield developments in the coming months.

EU Justice Commissioner Věra Jourová recently concluded her visit to the U.S. to meet with Trump Administration officials and others regarding the status of the Privacy Shield.  During her visit, Commissioner Jourová spoke about the importance of the Privacy Shield as a framework with “enormous potential to strengthen the transatlantic economy and reaffirm our shared values.”  She also met with Commerce Secretary Wilbur Ross to discuss the Privacy Shield, and announced that the first annual joint review will occur in September, which she indicated would be “an important milestone where we need to check that everything is in place and working well.”

During Commissioner Jourová’s visit, the European Parliament passed a resolution which was critical of certain elements of the Privacy Shield, and called on the EU Commission to review and address the critiques during the upcoming annual review.  The resolution acknowledged that the Privacy Shield contains “significant improvements” compared to the prior Safe Harbor framework, but stressed that “important questions remains as regards commercial aspects, national security and law enforcement” under the Privacy Shield.  Commissioner Jourová has indicated that the annual review will solicit input from companies about requests they have received from the U.S. government for data on EU citizens.

Prior to the annual review in September, there are a couple of important Privacy Shield dates to watch.  First, the Swiss-U.S. Privacy Shield, which is nearly identical to the EU-U.S. Privacy Shield but covers data transfers from Switzerland as opposed to the EU, will begin accepting self-certifications on April 12.  Second, the grace period for organizations that self-certified by September 30, 2016 to conform their contracts with third parties to the Privacy Shield’s onward transfer principles ends by June 30, 2017.

Finally, the U.S. International Trade Administration, the bureau within Commerce that administers the Privacy Shield, announced several upcoming Privacy Shield-related events and training opportunities, including a Privacy Shield panel with U.S. and EU government officials at the upcoming IAPP Global Summit.

© 2017 Covington & Burling LLP

TRENDING LEGAL ANALYSIS


About this Author

David J. Bender, Covington Burling, Pharmaceutical Litigation lawyer, International Trade Attorney
Associate

David Bender is an associate in the firm’s Washington, DC office.

  • Representation of a pharmaceutical company in litigation over rights to a first-in-class gastrointestinal drug.

  • Representation of a multinational electronics company in the International Trade Commission in a Section 337 Investigation.

202 662 5822