We’ve discussed the nature of this before, but the EU-US Privacy Shield has gone into full effect. This program essentially restricts the ability of U.S. commercial entities to do business in the European Union due to the ability of the U.S. government to use international businesses to improperly conduct surveillance on citizens within the European Union. In response, the European Union removed the blanket ability of U.S. companies to do business with European Union members as part of the Safe Harbor provision. The Safe Harbor provision was loosely drafted in its self-certification, prompting the switch to the Privacy Shield today. As it stands now, this program is still in its fledgling stages, with registrations beginning on August 1, 2016. These registrations begin with a murky area of international commerce. So, how could one join the Privacy Shield? Is your organization even eligible? What might happen if an organization refuses to participate?
How can you join the Privacy Shield?
The Privacy Shield is open to any business that is subject to regulation by the Federal Trade Commission (FTC) or Department of Transportation (DOT). In general, conducting business and affecting commerce would qualify entities under this regulation, although there are some exceptions, such as financial institutions, labor associations, and non-profit organizations, that may not qualify. After meeting the base qualifications, an entity may then “self-certify” by coming up with a plan that meets the basic requirements of the EU-US Privacy Shield. This would include measures to protect the data of European customers and employees stationed in Europe, even after ending participation in the Privacy Shield.