"Does Your Company Meet Privacy Shield Protection Criteria?"

Article

As of August 1, the US-EU Privacy Shield is up and running. Companies transferring personal data (e.g., employee data, customer data, etc.) from the EU to the U.S. can nowregister with the U.S. Department of Commerce provided that they meet the requisite protection criteria. Registration under the Privacy Shield certifies that the transfer of the personal data does not run afoul of the EU rules which generally prohibit the transfer of such personal data to the U.S.

As you will recall, the Privacy Shield replaces the EU-US Safe Harbor which was declared invalid by the European Court of Justice (ECJ). One reason identified by the ECJ was the inadequate remedies available to EU citizens against U.S. companies. One important aspect of the Privacy Shield is the expanded remedies given to data subjects. The Privacy Shield has a formal dispute procedure EU citizens can trigger.

In an effort to stimulate greater compliance through private enforcement, the European Commission just issued a guide for consumers to inform them of their rights and how they can initiate complaints against U.S. businesses. It will not take long before the cases start to filter through the system.

“U.S. companies should determine whether they transfer data from the EU to the U.S., what exception they rely on to legally transfer such data and whether the Privacy Shield is appropriate for them.”

Follow Quarles

Subscribe Media Contact
Back to Main Content

We use cookies to provide you with the best user experience on our website and to analyze statistics related to our website. To understand more about how we use cookies, or for instructions to change your preference and browser settings, please see our Privacy Notice. Please note that if you choose to reject cookies, doing so may impair some of our website's functionality.