The February 29, 2016 announcement of the new EU-U.S. data transfer framework—the Privacy Shield—was accompanied by over 130 pages of documentation and significantly more operational details than its predecessor, Safe Harbor. We have reviewed the Privacy Shield materials and published a comprehensive breakdown of the changes from Safe Harbor to Privacy Shield and the practical impact on business: Inside the New and Improved EU-U.S. Data Transfer Framework.
In general, the Privacy Shield imposes more specific and exacting measures on U.S. organizations wishing to join the framework. It also includes additional checks and balances designed to make sure that the rights of EU individuals can be exercised when their data is being processed in the United States. That said, the seven Privacy Shield Principles are largely aligned with the privacy practices followed by Safe Harbor participants and found in other global privacy compliance programs, and should not be an insurmountable burden for companies looking to shift from Safe Harbor compliance to Privacy Shield compliance.
To access the full text of Inside the New and Improved EU-U.S. Data Transfer Framework, first published on Law360, click here.