May 6, 2021

Volume XI, Number 126

E.U.-U.S. Privacy Shield: A New, Valuable Tool For Cross-Border Data Transfers

Starting on August 1, 2016, U.S. companies can participate in the E.U.-U.S. Privacy Shield program, a new mechanism that enables the lawful transfer of personal data between the European Union and the United States. The Privacy Shield replaces the now-invalidated “Safe Harbor” program that many companies previously relied upon to transfer personal data of E.U. citizens into the U.S.

The Privacy Shield is a potentially valuable tool for any company transferring personal data out of the E.U., but it is especially important to those that have not updated their cross-border compliance plans since the invalidation of the Safe Harbor in October of 2015.

Like the predecessor Safe Harbor initiative, the Privacy Shield is a self-certification program. In order to participate, a company must self-certify to the Department of Commerce that it meets the requirements set forth in the seven basic privacy principles embodied in the Privacy Shield: (1) notice; (2) choice; (3) accountability for onward transfer; (4) security; (5) data integrity and purpose limitation; (6) access; and (7) recourse, enforcement and liability. These principles are implemented in various ways, including internal policies and practices, customer-facing policies, and third-party contracts. In order to encourage early participation, companies that certify before October 1, 2016 will receive a special 9-month grace period to evaluate and amend existing third-party contracts in order to ensure compliance with the Privacy Shield principles.

Although the Privacy Shield has many similarities to the invalidated Safe Harbor, there are several key differences that companies should understand. Most notably, the Privacy Shield provides for significantly more oversight and enforcement, including increased investigative, monitoring, and compliance reviews by U.S. authorities, as well as E.U. citizens’ enhanced redress options with E.U. authorities. In light of the Privacy Shield’s enhanced focus on compliance and enforcement – a notoriously weak aspect of the Safe Harbor – companies considering participating should be sure to carefully review the requirements to ensure compliance.

© 2021 Dinsmore & Shohl LLP. All rights reserved. National Law Review, Volume VI, Number 216

About this Author

Kurt R. Hunt
Associate

Kurt focuses his practice on telecommunications and public utilities law, advising clients on general corporate and administrative issues, regulatory compliance, transactions, privacy obligations, and intellectual property matters. He is also an experienced litigator, and routinely represents clients in state and federal courts, as well as before administrative agencies and public utility commissions.

Knowing that public utilities operate inside a highly-regulated and specialized environment, Kurt is adept at tailoring his approach to fit each...

(513) 977-8101
Jennifer Mitchell
Partner

Jennifer is a Partner in the Health Care Practice Group and leads the firm’s HIPAA Privacy and Security practice and initiatives. In her HIPAA practice, she works with clients to minimize the risk of privacy and data security issues, assisting with all aspects of HIPAA privacy and security compliance, governance, audits/investigations, breach analyses, training and strategic planning. She has a thorough understanding of federal and state privacy and confidentiality laws and has served as a health care privacy expert witness. 

Within the...

513-977-8364