TrustArc Blog

Update: EU-U.S. Data Transfer Mechanisms Legal Challenges

June 18, 2019

As previously described on the TrustArc Blog (“ Privacy Shield Approaching Its 3 Year Anniversary”, the European Union (EU)-U.S. Privacy Shield Framework has received two successive annual approvals from the European Commission (EC) since its July 2016 adoption, and currently serves as an EU-to-U.S. personal data transfer mechanism for more than 4,700 U.S. organizations. Separately, pre-approved standard contractual clauses (SCCs), the most recent version of which was issued in 2010, are also recognized by the EC as valid transfer mechanisms to non-European Economic Area “third countries.” On June 13th, the European Commissioner for Justice and Consumers confirmed in a speech that SCCs are … Continue reading Update: EU-U.S. Data Transfer Mechanisms Legal Challenges

Privacy Shield Program Continues to Demonstrate High Interest

August 09, 2018

The U.S. Department of Commerce recently issued a communication highlighting the growing industry interest in participating in both EU-U.S. and Swiss-U.S. Privacy Shield certification programs. There are currently over 3,300 organizations in the program and over 1,000 more who have submitted their first time certification applications in recent months – which will likely bring the number of participants to over 4,000. Dave Deasy, SVP Marketing at TrustArc, commented “we are continuing to see high interest in Privacy Shield from companies of all sizes to ensure they can demonstrate a high commitment to privacy for international data transfers.  This is consistent … Continue reading Privacy Shield Program Continues to Demonstrate High Interest

EU-U.S. Privacy Shield: First Review Positive

October 25, 2017

The EU-U.S. Privacy Shield international data transfer framework had its first annual review; highlights are included below. Andrus Ansip, Commission Vice-President for the Digital Single Market, said: The Commission stands strongly behind the Privacy Shield arrangement with the U.S. Making international data transfers sound, safe and secure benefits certified companies and European consumers and businesses, including EU SMEs. This first annual review demonstrates our commitment to create a strong certification scheme with dynamic oversight work. Overall, the report shows that European Commission (EC) feels that the Privacy Shield continues to ensure an adequate level of protection for the personal data transferred from the EU … Continue reading EU-U.S. Privacy Shield: First Review Positive

EBSCO Shows Commitment to Data Privacy through Privacy Shield Certification

September 25, 2017

EBSCO Industries, Inc. and its subsidiaries (EBSCO) have completed their certification for EU-US Privacy Shield, which is the international data transfer framework requiring that companies meet rigorous obligations to protect the personal data of Europeans. View EBSCO’s Privacy Shield certification here. It is monitored and enforced by the US Department of Commerce (DOC) and the Federal Trade Commission (FTC). EBSCO’s certification demonstrates their commitment to consumer privacy and ensures that they transfer data in a safe way, in compliance with the Privacy Shield framework. TRUSTe reviewed and verified that they comply with the EU-US Privacy Shield Framework; TRUSTe will also provide independent dispute resolution services to … Continue reading EBSCO Shows Commitment to Data Privacy through Privacy Shield Certification

Swiss-US Privacy Shield Rollout: What to Expect – Webinar Recap

April 13, 2017

Adding Swiss-US Privacy Shield self-certification. As part of the TRUSTe Privacy Insight Webinar Series, Nasreen Djouini, Michelle Sylvester-Jose of the U.S. International Trade Administration, and Josh Harris of TRUSTe discussed the rollout of Swiss-US Privacy Shield. Some examples of where the Swiss-US Privacy Shield framework and the EU-US Privacy Shield framework vary are: When covering HR data received from Switzerland, an organization must commit to cooperating with the Swiss Federal Data Protection Information Commissioner authority (FDPIC) as the independent recourse mechanism. However, for non-HR data, an organization can elect to use the Swiss Federal Data Protection Information Commissioner or use … Continue reading Swiss-US Privacy Shield Rollout: What to Expect – Webinar Recap

Privacy Shield Grace Period is Ending, Are you Ready?

March 20, 2017

EU US Privacy Shield

Soon companies that self-certified with the Department of Commerce (DOC) last fall before the September 30, 2016 deadline will have the 9 month “grace period” come to a close. The grace period was given to these companies so that they could ensure that all of their third party vendors met the Accountability for Onward Transfer principle. The grace period ends soon, meaning that the deadline is fast approaching. The Privacy Shield  Accountability for Onward Transfer principle, Section II, 3.b., states: To transfer personal data to a third party acting as an agent, organizations must: (i) transfer such data only for limited and specified … Continue reading Privacy Shield Grace Period is Ending, Are you Ready?