On August 1, 2016, the US Department of Commerce began accepting applications for self-certifications under Privacy Shield, a new mechanism for legitimizing data transfers from the European Union to the United States. Privacy Shield replaces the Safe Harbor program, which was relied upon by nearly 4,400 US-based multinational organizations but was declared inadequate in an October 2015 decision by the European Court of Justice.

Following the decision, Safe Harbor companies have wrestled with how to achieve compliance and have turned to mechanisms such as EU Model Clauses or even taking a wait-and-see noncompliant posture hoping for a viable Safe Harbor replacement. Privacy Shield provides such a replacement but it also requires significant additional compliance steps, including new notice requirements, stronger redress mechanisms for EU citizens and tighter restrictions on onward transfers. To incentivize use of the new Privacy Shield, the program provides that if an organization applies for self-certification by September 30, 2016, it will have a nine-month grace period to conform its contracts with third-party processors to the new onward transfer requirements.

Please join us for a one-hour webcast to discuss Privacy Shield, including how it differs from Safe Harbor, how to assess whether it is a viable option for your business, and whether it makes sense to seek certification by the September 30 deadline.