Following U.S. and EU officials’ announcement last month of a draft framework for the “Privacy Shield” intended to replace the Safe Harbor program, companies have been waiting to understand the impact of the Shield on their ability to transfer personal data between the EU and U.S.
As we have discussed, participation in the Privacy Shield will require companies to live up to obligations that are more significant than under the Safe Harbor program. For companies considering Privacy Shield participation or that are currently signed up on the U.S. Department of Commerce website as participating in the Safe Harbor program, understanding the timing of the launch of the new Privacy Shield is of critical importance.
Unfortunately, the latest news from the European side does not suggest that the Privacy Shield’s launch is imminent. The program was under review by the Article 29 Working Party (consisting of data privacy officials from the various European member states). At a recent briefing, the group chairman indicated that the program is unclear in certain areas. This seems to call into question the draft approval from the European Commission that the program had received.
TIP: While negotiations around the Privacy Shield continue, companies are reminded of other mechanisms that may be appropriate for the transfer of personal data from Europe to the U.S. These include model clauses between the exporting and importing companies.