EU-US Privacy Shield
We explain what the EU-US Privacy Shield is all about.
Is personal data of your customers from the EU to be transferred to the USA? Then you should now consider whether the EU-US Privacy Shield is the right legal basis for your company's data transfers to the United States. Data protection is an important issue between the EU and the US as well, and one you should take into account.
The EU-US Privacy Shield is a data protection agreement between the European Commission and the US Department of Commerce that regulates the transfer of personal data from the EU to the US. It has been the successor to the invalidated Safe Harbor Agreement since 12.07.2016 and aims, above all, to better protect the privacy of European consumers and to increase transparency in the collection, use and sharing of data. The benefit to American companies is that they can immediately demonstrate, through a public certification under the Privacy Shield, that European privacy standards are adhered to in the company.
At the same time, the new Privacy Shield provisions also create a substantial need for action for participating American companies, as various data protection requirements must be met.
First, it is necessary to self-certify for the Privacy Shield at www.privacyshield.gov and to affirm that you recognize and obey the Privacy Shield Principles. Once this has been done, you must first of all pay attention to the extensive information obligations stipulated by Principle I of the Privacy Shield Regulations. This information should be presented clearly to the customer. It includes the types of data collected and the purpose for which the data was collected. It also includes whether data is transferred to third parties and, if so, for what purpose. In this context, the potential liability of your company should also be clarified if data is passed on to unnamed third parties or if the third party uses the data incorrectly. Consumers should also be informed about their right of access to the data, their right to choose for what purpose the data may be used and their right to correct or update the data collected. In addition, your company must have an independent dispute resolution mechanism in place and communicate it to the consumer.
In addition to these, there are other information requirements as well as internal requirements that you must fulfill as an American company. Violation of these principles can lead to complaints from consumers as well as to official or court orders and, as a result, to fines.
In order to participate in the EU – US Privacy Shield, the following information must be clearly visible:
Therefore, it is particularly important to be advised by a specialist on this complex topic from the beginning and not to take any risks.
We have already certified well-known companies such as TeamSpeak Systems Inc. for the EU-US Privacy Shield and therefore know exactly what is important.
Lawyer Stephan Hendel as well as the entire law firm Gabler and Hendel will be happy to answer your questions. We will also gladly handle the self-certification and the drafting of a legally compliant Privacy Shield declaration.