Friday, July 29, 2016
Game On: Dept. of Commerce Launches Privacy Shield Website
On July 26, the same day as the Article 29 Working Party issued its statement of ongoing concerns about Privacy Shield, the U.S. Department of Commerce launched its website for the new data transfer framework. The website contains the full text of the Privacy Shield Principles (both basic and supplemental), Annex I, and related letters and attachments from the Department of Commerce, the International Trade Association, the FTC, the Department of Transportation, the Department of State, the Office of the Director of National Intelligence and the Department of Justice. It also contains guidance for organizations on how to self-certify for the program, for European companies and individuals on how to determine if a U.S. company is a Privacy Shield participant, and for European individuals to submit either a complaint or a request relating to U.S. national security access to their data. (Note: When launched, the website indicated, in a departure from Safe Harbor requirements, that the HR privacy policies of participants would have to be publicly available; however, this statement was subsequently retracted.) A procedure for direct contact by DPAs to the DOC’s Privacy Shield team, as well as a link to a new FTC website about their oversight and enforcement activities, is also included. The Department of Commerce will begin accepting self-certifications under Privacy Shield on August 1.