Privacy Shield, Securities Regulation Daily, Sept. 8, 2016
Alan S. Wernick
A manufacturing client hired me to help his business with the legal issues involved in setting up their e-commerce enabled website. Shortly after the website went live, the client’s CEO mentioned to me that he was now getting customer orders from places he had never received orders from before. The Internet is global. If your business has a website that obtains information on website visitors (some of whom may be from outside the United States), or if your business is presently engaged or planning to engage in doing business in Europe, then the Privacy Shield is critical to your business because data privacy violations can be expensive.
In addition to complying with U.S. data privacy laws, U.S. businesses (including both for-profit and not-for-profit) that acquire customer data on customers from the European Union and other countries must comply with the countries’ applicable data privacy laws. A failure to comply may result in substantial penalties. Since 2000, businesses could rely on the European Commission “Safe Harbor” decision as a cost-effective means for compliance; however, that decision was declared invalid in October 2015. In July 2016, the Safe Harbor decision was replaced with the new “Privacy Shield Framework” (the “Privacy Shield”), which imposes stronger obligations on U.S. companies to protect Europeans’ personal data. A U.S. Department of Commerce overview of the EU-U.S. Privacy Shield is available HERE. A European Commission fact sheet on the EU-U.S. Privacy Shield is available HERE.
The Privacy Shield program, which is administered by the International Trade Administration (“ITA”) within the U.S. Department of Commerce, enables U.S.-based organizations to join the Privacy Shield in order to benefit from the resulting presumption of having adequate compliance with EU privacy laws. To participate in the Privacy Shield Framework, a U.S.-based organization is required to self-certify to the Department of Commerce and publicly commit to comply with the Privacy Shield’s requirements. While joining the Privacy Shield Framework is voluntary, once an eligible organization makes the public commitment to comply with the Framework’s requirements, the commitment becomes enforceable under U.S. law. On August 1, 2016, ITA began accepting certification applications from businesses. A list of companies who have self-certified to the Privacy Shield is available HERE.
If you have any questions about this article, please contact the author listed below or the Aronberg Goldgehn attorney with whom you work.
Alan S. Wernick
© 2016 Alan S. Wernick
The above material is intended for general information and promotional purposes, and should not be relied on or construed as professional advice. Under the Illinois Rules of Professional Conduct, the above information may be considered advertising material. The transmission of this information is not intended to create, and receipt of it does not create, a lawyer-client relationship.