The EU–U.S. and Swiss–U.S. Privacy Shield, which replaced Safe Harbor in 2015, is a framework for regulating transatlantic exchanges of personal data for commercial purposes between the European Union and the United States, and between Switzerland and the United States. One of its purposes is to enable US companies to receive personal data from EU organisations under EU privacy laws (GDPR).
To join the Privacy Shield Framework, an organisation is required to self-certify to the U.S. Department of Commerce and publicly commit to comply with the Framework’s requirements. Whilst joining the Privacy Shield register is voluntary, once an eligible organisation makes the public commitment to comply with the Framework’s requirements, the commitment becomes enforceable under U.S. law.
The Privacy Shield program, administered by the U.S. Department of Commerce, delivers a number of key benefits:
- Enhanced Dispute Resolution systems with additional reporting criteria.
- A US-based Privacy Ombudsperson to handle complaints regarding data access by US Intelligence agencies.
- Stricter controls on onward transfer of data once outside of the European Union and Switzerland.
- Liability remaining with data controllers after the onward transfer of data to a third-party agent.
- The option for binding arbitration to handle unresolved complaints.
- Increased co-operation between the Department of Commerce and the European Commission and the Swiss Federal Data Protection and Information Commissioner, including an annual review of the program when appropriate.
Access’ New York operation has been registered under Privacy Shield since 2018 and will continue to renew every year in order to strengthen Access’ security position in the US, alongside its HIPAA (Health Insurance Portability and Accountability Act) compliance, which is currently being renewed.