Overview of the EU-US Privacy Shield Framework

Author: 
Coverage Type: 

The EU-US Privacy Shield Framework was designed by the US Department of Commerce and European Commission to provide companies on both sides of the Atlantic with a mechanism to comply with EU data protection requirements when transferring personal data from the European Union to the United States in support of transatlantic commerce.

The Privacy Shield Framework provides a set of robust and enforceable protections for the personal data of EU individuals. The Framework provides transparency regarding how participating companies use personal data, strong U.S. government oversight, and increased cooperation with EU data protection authorities (DPAs). The European Commission deemed the Privacy Shield Framework adequate to enable data transfers under EU law. Commerce will allow companies time to review the Framework and update their compliance programs and then, on August 1, will begin accepting certifications. To join the Privacy Shield Framework, a US-based company will be required to self-certify to the Department of Commerce and publicly commit to comply with the Framework’s requirements. While joining the Privacy Shield Framework will be voluntary, once an eligible company makes the public commitment to comply with the Framework’s requirements, the commitment will become enforceable under U.S. law. All companies interested in joining the Privacy Shield Framework should review its requirements in their entirety.


Overview of the EU-US Privacy Shield Framework Remarks (Secretary of Commerce Penny Pritzker) EU-US Privacy Shield agreement goes into effect (The Verge)