For several months we have been closely following the negotiations leading up to the adoption of the US-EU Privacy Shield. This framework, which replaces the US-EU Safe Harbor program, was formally adopted by an overwhelming majority of EU member states on June 12. Starting August 1, U.S. companies that handle or transmit data of EU subjects can register on www.privacyshield.gov to signify that they participate in the Privacy Shield. Since compliance with the Shield is quite involved and may require adjustments to the way companies currently operate, we anticipate that it may take some time before a significant number of U.S. businesses register.
In the short term, the Privacy Shield will provide much-needed certainty for U.S. companies that do business with European countries or have employees or clients overseas. However, it remains to be seen if the Privacy Shield will prove to be a lasting solution for US-EU data transfer. The EU Data Protection Regulation is coming into effect in 2018, and the Shield’s provisions protecting the privacy of EU subjects will have to align with it. The creators of the Privacy Shield believe that it already has a number of features that make it compatible with the Regulation, but at least some tweaks will undoubtedly be necessary. For the time being though, the Privacy Shield is the governing framework.
In short: if you are a U.S. business handling data of EU subjects, consider registering as soon as possible. If you are an EU subject and you believe your privacy rights have been violated, consult The Citizens Guide for assistance in seeking help.
SDV advises insurance policyholders from around the world. Check out our international practice information page to see how we can assist you with international insurance issues.