The EU–US Privacy Shield is a framework for regulating transatlantic exchanges of personal data for commercial purposes between the European Union and the United States. One of its purposes is to enable US companies to more easily receive personal data from EU entities under EU privacy laws meant to protect European Union citizens.The EU–US Privacy Shield is a replacement for the International Safe Harbor Privacy Principles, which were declared invalid by the European Court of Justice in October 2015.
The Privacy Shield Principles comprise a set of seven commonly recognized privacy principles as follows:
- Accountability for Onward Transfer
- Data Integrity and Purpose Limitation
- Recourse, Enforcement and Liability
These Privacy Shield Principles, combined with 16 equally binding supplemental principles, lay out a set of requirements governing participating organizations’ use and treatment of personal data received from the EU under the Framework as well as the access and recourse mechanisms that participants must provide to individuals in the EU. Once an organization publicly commits to comply with the Privacy Shield Principles, that commitment is enforceable under U.S. law.
Rofori can help you understand Privacy Shield, its impact on your business, and support your self-assessment, readiness, and compliance.