The U.S. Department of Commerce formally approved the EU-U.S. 'Privacy Shield' on the 12 July. The Privacy Shield replaces the Safe Harbor framework, which was removed in October 2015, and offers U.S. organisations who collect and process personal data of EU citizens a straightforward mechanism to legally transfer EU personal data to the U.S. The Privacy Shield is a binding data transfer framework, and compared to the Safe Harbor, it imposes stricter and more comprehensive data protection obligations on U.S. organisations that handle personal data. U.S. organisations wishing to take advantage of the Privacy Shield will need to apply to the U.S. Department of Commerce. The date on which applications are first being accepted is 1 August 2016.
What Should Employers Do Next?
Companies will need to assess the risks associated with a failure to comply with the EU's data privacy laws, and consider whether the Privacy Shield is the best course of action for compliance with this legislation.
For further information to enable you to undertake this assessment, please read our partner, Doron Goldstein's commentary, available here.