EU-US Privacy Shield Agreement – What you need to know
On August 1, 2016, the United States – European Union data agreement known as Privacy Shield became operational.
From that date, companies have been able to sign up to the Privacy Shield with the United States Department of Commerce. The department will then analyze and verify that the applicant company is in line with the high data transfer standards set by the new agreement.
By August 15, however, only 40 companies had been certified as compliant by the US Department of Commerce for Privacy Shield, with 200 additional companies in process. On September 26, the search giant Google was officially certified as compliant, and users may have noticed a notification about it since then.
But many people may have a few questions about Privacy Shield:
- What is it exactly?
- Where did it come from?
- How will it affect me?
- Can I trust it?
- The US creates an Ombudsperson in order to handle EU citizen complaints about American organizations spying on their data
- The US Office of the Director of National Intelligence provides commitments in writing that there will be no mass surveillance of EU citizens’ personal data
- The US and EU will have an annual review to make sure Privacy Shield is working correctly
- Any breaches in personal data records have to be reported within 72 hours of discovery.
- Companies that violate the agreement will be fined up to €20 million or 4% of the company’s total annual worldwide gross revenue, whichever is higher.
- Participating organizations will have to undergo additional obligations for compliance and reporting, some of which may even continue after the organization leaves Privacy Shield.
- the process of data deletion
- the continuing massive amounts of data collected
- clarifications on the role of the new Ombudsperson