If Your Company Receives EU Citizens’ Personal Data, Privacy Shield Self-Certification Is Now Open – And the Clock is Ticking on Compliance Grace Period
August 1, 2016
If your company transfers the personal information of European Union citizens to the United States, you likely have kept a close eye on the evolution of EU privacy law since a European court invalidated the former EU-U.S. Safe Harbor agreement. Recently, after nine months of uncertainty, the EU and U.S. reached a new accord termed the Privacy Shield. Similar to the defunct Safe Harbor, the Privacy Shield allows companies to self-certify their compliance with the Privacy Shield’s data protection principles.
The U.S. Commerce Department will begin accepting self-certifications on August 1, 2016. Because adhering to the Privacy Shield’s principles will likely affect companies’ commercial relationships with third parties, companies that self-certify before September 30, 2016 will have a nine-month grace period for bringing existing commercial relationships into compliance. Although the grace period offers companies an incentive to promptly self-certify, companies must still take a number of steps before doing so, such as updating their privacy policies and establishing a procedure for investigating complaints. Thus, the clock is ticking for companies that want to use the grace period to bring their commercial relationships into compliance with the Privacy Shield.
The Privacy Shield provides a much-awaited mechanism for legitimizing transatlantic transfers of personal data. The attorneys in McNees’s International and Privacy & Data Security Practice Groups can assist you in navigating this new certification process. For more information, please contact Louis Dejoie, Devin Chwastyk or Thomas Markey.
© 2016 McNees Wallace & Nurick LLC
Privacy & Data Security Alert is presented with the understanding that the publisher does not render specific legal, accounting or other professional service to the reader. Due to the rapidly changing nature of the law, information contained in this publication may become outdated. Anyone using this material must always research original sources of authority and update this information to ensure accuracy and applicability to specific legal matters. In no event will the authors, the reviewers or the publisher be liable for any damage, whether direct, indirect or consequential, claimed to result from the use of this material.