EU-U.S. Privacy Shield Review Report Outlines Steps To Improve Enforcement and Monitor Compliance

The Privacy Shield – a mechanism by which U.S. companies can legally transfer data to the European Union, continues to draw the attention of regulators and policymakers. On December 19, 2018, the European Commission (the Commission) announced the publication of its report on the second annual review of the EU-U.S. Privacy Shield. The report offers companies insight into what aspects of the Privacy Shield officials find most important and what steps are planned to strengthen enforcement and oversee compliance. Background The EU-U.S. Privacy Shield is a framework for transatlantic exchanges of personal data for commercial purposes between the European Union and the United States. Companies must self-certify that they meet the requirements of…

READ MORE

U.S. Federal Trade Commission Announces Settlement of First Privacy Shield Enforcement Action

On September 8, 2017, the Federal Trade Commission (FTC) announced settlement of its first enforcement action involving the terms of the Privacy Shield. Three companies – Decusoft, LLC, Tru Communication, Inc., and Md7, LLC were alleged to have violated the Federal Trade Commission Act (FTC Act) by falsely claiming that they were certified to the EU-U.S. Privacy Shield. In fact, they had not completed the certification process required. One of the companies, Decusoft, falsely claimed not to be certified to the Swiss-U.S. Privacy Shield. As part of their settlements with the FTC, the companies are prohibited from misrepresenting the extent to which they participate in any privacy or…

READ MORE

Achieved Compliance Approved for Participation in Privacy Shield: Program Essential to Any Company Moving Data from the EU to the U.S.

Achieved Compliance is pleased to announce that it has been approved to participate in the EU-U.S. “Privacy Shield” program. The Privacy Shield provides companies on both sides of the Atlantic with a mechanism to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States. The Privacy Shield updates the Safe Harbor regime that had supported data flows between the jurisdictions since 2000. As a participant in the Privacy Shield, Achieved Compliance meets all EU legal requirements for protection of data about EU citizens. Companies that use Achieved Compliance software and services can rest assured that we are committed to protecting data…

READ MORE

The Genesis for Achieved Compliance & PrivacyMinder™

I admit that, for many years I’d been skeptical about privacy and data protection regulation as too prescriptive and intrusive – as making too many demands on those who don’t have the benefit of extensive compliance staffs and well-funded resources. But after working with clients – companies like yours – I now am convinced that data protection and responsible data management are critical not only to legal compliance, but to business success. I believe that companies that take the steps necessary to meet the requirements of regulations like the General Data Protection Regulation (GDPR), the expectations of the U.S. Federal Trade Commission, or agreements like the Privacy Shield…

READ MORE

Non-Compliance with EU Law Is Still Not an Option

U.S companies hoping to avoid compliance with the requirements of EU law may want to think twice. It’s really time to get on with it. Despite early rhetoric from the Trump Administration, discussions between the U.S. Department of Commerce and the EU Commission last week indicate that the best course for businesses involving data about EU citizens is to take the steps necessary to comply. U.S. officials sent a clear message that they stand behind the commitments of their predecessors to promote compliance by U.S. businesses, at least with respect to the Privacy Shield. This likely reflects a broader U.S. government position that is pro-compliance. EU Justice Commissioner…

READ MORE