Under the EU Data Protection Directive, all transfers of personal data from the European Economic Area (EEA) to the United States are considered prima facie unlawful unless there is an appropriate level of protection for the rights and freedoms of data subjects.
In order to join the Privacy Shield Framework, a U.S. organization must “self-certify” to the U.S. Department of Commerce (“DOC”) and publicly commit to comply with the Framework’s requirements.
On February 2, 2016, the EU and U.S. agreed on a new framework for transatlantic data flows: the EU-U.S. Privacy Shield (“Privacy Shield”). With respect to this new framework, U.S. companies with EU affiliates face two key questions:
- What impact will the Privacy Shield have on the use of Binding Corporate Rules (“BCR”)?
- What impact will the Privacy Shield have on data transfers into the European Economic Area (“EEA”)?
The United States: a country with a complex and unharmonized web of data privacy laws.
Instead of a single set of rules for the protection and use of personal data, the U.S. has more than 20 specific data privacy laws and more than 100 data security laws within the 50 states.