Tuesday, September 27, 2016
Model Contracts Clearly the Primary Mechanism for Importing EU Data
According to a survey of 600 privacy professionals carried out by the International Association of Privacy Professionals this summer, 81% of U.S. companies rely upon standard contractual clauses as the legal underpinning for data transfers from the EU to the U.S., and 89% of EU companies do also. Looking forward, only 34% of companies intend to use the EU-U.S. Privacy Shield framework, down from the 50% who used Safe Harbor in the past. Uncertainties over the long-term viability of Privacy Shield, as well as the length of the time lapse between the invalidation of Safe Harbor and the launch of Privacy Shield, are significant factors in the lessened interest in Privacy Shield. As of the third week in September, some 200 companies were said to have been become participants in Privacy Shield, up from the 107 in the first month, while self-certifications of hundreds more were reported to be in the DOC review pipeline. Surveys about legal mechanisms for data transfers, such as IAPP’s, fail to acknowledge and account for the fact that that many companies use multiple mechanisms, often for different data sets but sometimes for the same data. Nevertheless, market acceptance of Privacy Shield is likely to be significantly less than it was for Safe Harbor.