As we previously reported, on August 1, 2016, the United States Department of Commerce launched the EU-U.S. Privacy Shield self-certification process on its Privacy Shield Website. Several hundred companies, including Microsoft, Salesforce, Panasonic Avionics, and Workday, have already self-certified and many others have submitted their applications and are awaiting DOC’s approval. Those companies who submitted their applications before September 30, 2016 were granted a nine-month grace period to conform their existing contracts with third-party processors to the new onward transfer requirements under the Privacy Shield, thereby being allowed to achieve compliance sooner.
For those considering participating in the framework, the Privacy Shield website offers factual information about the framework, including instructions and details on how to join Privacy Shield, requirements of Privacy Shield participation, and administration of Privacy Shield Program. Likewise, amidst some continued criticism of the framework in the EU, the European Commission published a Guide for citizens, outlining how the Privacy Shield guarantees individuals’ data-protection rights and what remedies are available for individuals who believe their personal data was misused in violation of the framework.
Specifically, the Guide provides detailed information on the following.