One of the most important tenets for all EU businesses is the protection of individual data and how it is used, especially by businesses that operate across borders. Demonstrating our ongoing commitment to data protection, Hearsay is now a certified participant under the EU-U.S. Privacy Shield framework, ensuring compliance with the latest regulation for protecting the transfer of EU data.
What is the Privacy Shield?
In October 2015, the Safe Harbor agreement between the U.S. Department of Commerce and the European Commission for the transfer of personal data was invalidated by the EU Court of Justice. This change left U.S. companies needing to find alternative data transfer mechanisms to remain compliant with EU legislation for transferring EU data to the USA, and left businesses wondering what the future had in store for transatlantic deals.
The Privacy Shield, after being approved by the European Commission, was introduced as the successor to the Safe Harbor agreement, and on August 1, 2016, U.S. businesses were allowed to apply for certification under the new framework.
“Today member states have given their strong support to the EU-US Privacy Shield, the renewed safe framework for transatlantic data flows,” Commission vice-president Andrus Ansip and Justice Commissioner Vera Jourova said in a statement. The biggest change in the new Privacy Shield is to strengthen the protection of Europeans whose data is moved to U.S. servers by giving EU citizens greater means to seek redress in case of disputes.
For UK companies wondering about a post-Brexit world, the UK’s Information Commissioner has said the UK may have to adopt EU data protection rules in order to do business with other European Member States post-Brexit.
Highlights of the Privacy Shield Framework
Whilst the Privacy Shield may seem similar to those who were familiar with the Safe Harbor framework, there are some key differences to note.
- Enforcement: For Hearsay, the U.S. Department of Commerce and the Federal Trade Commission will both be responsible for overseeing and enforcing the application of the Privacy Shield, and will undertake regular reviews of participants in the program.
- Recourse: EU individuals will have additional rights of redress (including being able to pursue actions in U.S. state courts) for any data privacy violations.
- Accountability for onward transfers: Onward transfers of data will now require organizations to enter into contracts providing that data may only be used for limited and specified purposes that are consistent with the individual’s consent, and the recipient of the data must provide the same level of protection.
What does this mean for Hearsay and our customers?
Following the invalidation of the Safe Harbor, Hearsay entered into the Standard Contractual Clauses with its customers to remain compliant for EU to U.S. data transfers. This required having both parties sign a non-negotiable set of standard terms, with details of the type of data being transferred and the purpose for which it was being used. Being certified under the Privacy Shield eliminates the need for this additional paperwork.
If you have any questions or concerns on how the Privacy Shield works, or how Hearsay plans to implement the regulations, please reach out to the Hearsay legal team via email at firstname.lastname@example.org.