EU-U.S. Privacy Shield Principles Released

On February 29, the U.S. Department of Commerce published the EU-U.S. Privacy Shield foundational documents, including the framework's updated principles. The European Commission (EC) published the draft adequacy decision for the new framework. While there are no major surprises in the documents, given the earlier press releases, publication will allow companies to begin planning compliance strategies.

For details on the differences between the previous framework (U.S.-EU Safe Harbor) and the new one, please join us on March 9 at Crowell & Moring in Washington, D.C. for a seminar on the EU-U.S. Privacy Shield and the forthcoming EU Data Protection Regulation (GDPR).

Crowell & Moring attorneys from our Brussels and D.C. offices will be joined by U.S. Department of Commerce Deputy Assistant Secretary Ted Dean, lead U.S. negotiator for the EU-U.S. Privacy Shield; and Oracle Vice President of Global Public Policy and Chief Privacy Strategist, Joseph Alhadeff. The seminar will focus on how the proposed framework/regulations differ from predecessors; adjustments to existing compliance programs that may be necessary to meet the new requirements; and hurdles/risks that may arise.

As for the implementation timeline of the EU-U.S. Privacy Shield, there remain several steps before the program is operational. The draft EU-U.S. Privacy Shield adequacy decision will now be subject to consultation by a committee of representatives of the EU Member States and their Data Protection Authorities (Article 29 Working Party), which will issue a (non-binding) opinion on April 12-13, 2016. Afterwards, the draft will have to pass the so called "comitology" (approval) process for EC decisions, which according to the EC, may take until June 2016. During that time, the U.S. will finalize the framework and put the agreed upon redress mechanisms in place.