Skip to content

Hearsay Achieves EU-U.S. Privacy Shield Certification

shutterstock_405290737One of the most important tenets of all EU businesses is the protection of individual data and how it is used by businesses, especially those businesses that are cross border. Demonstrating our ongoing commitment to data protection, Hearsay is now a certified participant under the EU-U.S. Privacy Shield framework ensuring compliance with the latest regulation for protecting the transfer of EU data.
What is the Privacy Shield?
On October 2015, the Safe Harbor agreement between the U.S. Department of Commerce and the European Commission for the transfer of personal data was invalidated by the EU Court of Justice. This change left U.S. companies in the position of finding alternative data transfer mechanisms to be compliant with EU legislation for transferring EU data to the USA, and left businesses wondering what the future had in store for transatlantic deals.
The Privacy Shield, after being approved by the European Commission, was introduced as the successor to the Safe Harbor agreement, and on August 1, 2016, U.S. businesses were allowed to apply for certification under the new framework.
“Today member states have given their strong support to the EU-US Privacy Shield, the renewed safe framework for transatlantic data flows,” Commission vice-president Andrus Ansip and Justice Commissioner Vera Jourova said in a statement. The biggest change in the new Privacy Shield is to strengthen the protection of Europeans whose data is moved to U.S. servers by giving EU citizens greater means to seek redress in case of disputes.
For UK companies wondering about a post-Brexit world, the UK’s Information Commissioner has said the UK may have to adopt EU data protection rules to trade post-Brexit in order to do business with other European Member States.
Highlights of the Privacy Shield Framework
Whilst the Privacy Shield may seem similar to those who were familiar with the Safe Harbor framework, there are some key differences to note.

  • Enforcement: For Hearsay, the U.S. Department of Commerce and the Federal Trade Commission will both be responsible for overseeing and enforcing the application of the Privacy Shield, and will undertake regular review of participants in the program.
  • Recourse: EU Individuals will have additional rights of redress (including being able to pursue actions in U.S. state courts) for any data privacy violations;
  • Recourse: Companies that transfer EU data to U.S. will need to include the third party dispute resolution mechanism in their privacy policy; and
  • Accountability for onward transfers: Onward Transfers of data will now require organizations to enter into contracts providing that data may only be used for limited and specified purposes that are consistent with the individual’s consent; and the recipient of the data must provide the same level of protection.

What does this mean for Hearsay and our customers?
Following the invalidation of the Safe Harbor, Hearsay entered into the Standard Contractual Clauses with its customers to remain compliant for EU to U.S. data transfers. This required having both parties sign a non-negotiable set of standard terms, with details of the type of data being transferred and the purpose for which it was being used. Being certified under the Privacy Shield eliminates the need for this additional paperwork.
Privacy continues to be of importance to our customers and is core to how Hearsay operates.  To comply with the requirements of the Privacy Shield, Hearsay has updated its privacy policy here. As well as updating our privacy policy, we have been ensuring that we have systems in place to deal with the new requirements and any subject access requests that we may receive.
If you have any questions or concerns on how the Privacy Shield works, or how Hearsay plans to implement the regulations, please reach out to the Hearsay legal team via email at

Rachael Ormiston

Rachael Ormiston is a UK qualified lawyer.

Visit the Resource Center

Download White Paper, Infographics, Industry Reports and More…

Visit Resources