Privacy Shield Self-Certification Process for US Businesses Underway
Monday was the first day that U.S. companies could self-certify under Privacy Shield to comply with EU data protection requirements in the collection, storage and use of people's personal data. The trans-Atlantic data agreement, which the European Commission approved a…
Sign up for a free preview to unlock the rest of this article
Timely, relevant coverage of court proceedings and agency rulings involving tariffs, classification, valuation, origin and antidumping and countervailing duties. Each day, Trade Law Daily subscribers receive a daily headline email, in-depth PDF edition and access to all relevant documents via our trade law source document library and website.
little more than two weeks ago (see 1607120001) is still under a legal threat from privacy activists and others, who said the framework doesn't go nearly far enough to protect people's data from government access. For now, U.S. businesses can go to a Department of Commerce-managed site to begin the online self-certification process. It says an organization has to confirm its eligibility to participate, develop a privacy policy statement that complies with the agreement's principles, make "an independent resource mechanism available to investigate unresolved complaints at no cost" for people, put procedures in place to verify it's complying with Privacy Shield, and designate a contact, among other steps. Commerce Secretary Penny Pritzker said in a statement that Privacy Shield will provide "concrete and practical results" for individuals and businesses. "More than $260 billion in digital services trade is already conducted across the Atlantic Ocean annually, but there is significant potential for this figure to grow," she said.