Although the European Commission adopted the Privacy Shield last month to replace the Safe Harbor Agreement that was upended by Austrian law student Max Schrems, U.S. companies are not out of the woods yet.
The U.S. Department of Commerce began accepting self-certifications by U.S. companies adhering to the Privacy Shield on August 1.
“All Privacy Shield requirements must be met before a company can self-certify,” said Michael Whitener, privacy and data security attorney with VLP Law Group in Washington, D.C.
If companies are not compliant, the Privacy Shield requirements could lead to substantial penalties.
“Privacy Shield will increase the obligations for companies that are transmitting consumer information and improve consumer safety in particular in the area of the onward transfer of consumer information,” said Zac Carman, CEO of ConsumerAffairs, a company based in Tulsa, Oklahoma.
The law put in place by the European courts is meant to protect digital data of European citizens after the Safe Harbor Agreement was overturned when Schrems filed a complaint with the Irish Data Protection Commissioner asking it to prohibit Facebook Ireland from transferring his personal data to Facebook in the United States.
Like the Safe Harbor Framework, the Privacy Shield has seven primary principles.
However, the Privacy Shield contains an additional 16 supplemental principles, addressing consent to process sensitive data, verification procedures and an individual’s right to access his or her data.
“The Privacy Shield differs from Safe Harbor in that it has stricter rules governing data transfers from a Privacy Shield-certified company to third parties, it limits U.S. government access to the personal data of EU citizens, mandates the appointment of a State Department Ombudsman to process complaints relating to U.S. intelligence practices and multiple dispute resolution options if an individual believes that Privacy Shield requirements have been violated,” Whitener told Newsmax Finance.
The new deal was created to provide multinationals and web firms with a relatively easy way to legally process the personal data of European customers and employees, but Brexit is adding to the confusion.
“We're in a wait-and-see mode with Brexit,” Carman told Newsmax Finance. “We're very focused on the protection of the consumer information we receive but are worried about the potential increase in regulatory requirements.”
Once the U.K. completes its exit from the European continent, data transfers from the U.K. to the U.S. will only be subject to the U.K.’s Data Protection Act of 1998. However, it will take at least two years for Brexit to complete, and until then data transfers from the U.K. are covered by the Privacy Shield.
“The UK could approve the Privacy Shield certification as an adequate means of transferring UK personal data to the US or create its own approval process,” Whitener said.
Meanwhile, American companies like ConsumerAffairs are already focused on protecting consumer information both domestically and internationally.
“Each year we go through security exercises and work to improve the policies and procedures regarding the storage of all our information,” Carman said.
Juliette Fairley is an author, lecturer and TV host based in New York.
© 2021 Newsmax Finance. All rights reserved.