By Amanda J. Katzenstein
More than 700 companies have self-certified to comply with the Privacy Shield in the two months since the Department of Commerce began accepting submissions. The number of applications is expected to rise as the September 30, 2016 deadline for a special grace period looms, and the number is expected to slow down after October 1, 2016 because the compliance obligations increase after the deadline.
If a company self-certified by September 30, 2016, it could take advantage of a nine-month period starting from the date of self-certification to bring their contracts with third parties into conformance with the Accountability for Onward Transfer Principle. If the organization was unable to self-certify by September 30, 2016, it will have greater and more immediate compliance obligations before it can proceed with the Privacy Shield, including, but not limited to certifying that it complies with all of the principles at the time of its application, including the Onward Transfer Principle. Polsinelli PC, Polsinelli LLP in California has self-certified with the Privacy Shield as of September 29, 2016.
The Privacy Shield replaces the EU-U.S. Safe Harbor Framework, which had previously been used by thousands of companies that transferred European’s personal information to the U.S. After the EU’s highest court struck down Safe Harbor on October 6, 2015 for violating the privacy rights of Europeans, many companies had been left scrambling to determine how to appropriately transfer the data. For more information on the Privacy Shield, click here.
If your organization is considering compliance with the Privacy Shield, it is recommended that you consult counsel before filing to ensure that you do not have unforeseen issues. There are also alternatives that may be preferable at this stage. For more information, please contact Daniel Farris at firstname.lastname@example.org.