Updated on: January 01, 2020
Effective Date: January 01, 2020
The EU-U.S. and Swiss-U.S. Privacy Shield Frameworks were designed by the U.S. Department of Commerce and the European Commission and Swiss Administration to provide companies on both sides of the Atlantic with a mechanism to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States in support of transatlantic commerce. You get more info from this external link: https://www.privacyshield.gov
Wremia, Inc. complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Frameworks as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States.
Will the Privacy Shield continue to serve as a data transfer mechanism under the EU General Data Protection Regulation (GDPR)?
- Yes. Article 45 of the GDPR provides for the continuity of adequacy determinations made under the EU’s 1995 Data Protection Directive, one of which was the adequacy decision on the EU-U.S. Privacy Shield.
- The Privacy Shield was also designed with an eye to the GDPR, addressing both substantive and procedural elements.
- For instance, the Privacy Shield includes an annual review, which was designed to address the GDPR’s requirement for a mechanism for a periodic review, at least once every four years, of relevant developments.
- It is important to note that Privacy Shield is not a GDPR compliance mechanism, but rather is a mechanism that enables participating companies to meet the EU requirements for transferring personal data to third countries, discussed in Chapter V of the GDPR.
Does the Clarifying Lawful Overseas Use of Data Act (CLOUD Act) affect the Privacy Shield Framework?
The CLOUD Act involves data transfers for law enforcement purposes. It does not conflict with the Privacy Shield Framework, which provides a legal basis under EU law for transfers of personal data from the EU to participating US organizations. The Privacy Shield Framework is unrelated to, and unaffected by, the CLOUD Act.
Privacy Shield and the UK
During the Transition Period, the European Commission’s decision on the adequacy of the protection provided by Privacy Shield will continue to apply to transfers of personal data from the UK to Privacy Shield participants.