Privacy Shield certifications begin trickling in

Although several companies say they have self-certified under the Privacy Shield framework, the U.S. Department of Commerce did not immediately list their compliance

The U.S. Department of Commerce is not just rubber-stamping applications to join the new Privacy Shield data protection program: 24 hours after companies began certifying their compliance, the administration's website still listed no approvals.

Microsoft was among the first businesses to certify that it complied with the new rules for transferring European Union citizens' personal information to the U.S. when the Commerce Department's International Trade Administration began accepting applications on Monday.

"We expect it to be approved in the coming days," Microsoft Vice President for EU Government Affairs John Frank wrote on a company blog.

The company isn't waiting for official approval to begin applying the new rules, he said. "Going forward, any data which we will transfer from Europe to the U.S. will be protected by the Privacy Shield’s safeguards."

Workday, a provider of cloud-based HR and finance services, also submitted its self-certification Monday, it said.

The ITA will have its work cut out if all the organizations that self-certified under Privacy Shield's predecessor, the Safe Harbor Framework, choose to re-register. Some 5,534 organizations signed up to Safe Harbor during its 16-year lifespan, with the certification status still listed as "current" for 3,375 of them.

Safe Harbor was ruled inadequate by the Court of Justice of the EU last October, forcing EU and U.S. officials to come up with replacement rules to allow the transatlantic flow of personal information to continue legally. Many multinational businesses are reliant on such transfers for internal functions, such as payroll processing, or for processing customer information.

EU and U.S. officials agreed the new rules on July 12, and the Commerce Department said it would begin accepting certifications from Aug. 1. It set out a five-point plan for organizations to ensure their self-certifications can be accepted.

First up, they must be sure they are eligible to participate: Banks and telecommunications operators, for example, aren't covered by the program. Next, they must develop a clear, concise privacy policy that meets all the Privacy Shield Principles. The policy must identify the independent recourse mechanism an organization will use in case of dispute, typically either a U.S.-based arbitration service or an agreement to work with European data protection authorities. Self-certifiers must also set out how they plan to verify they are in compliance. Finally, they must designate a Privacy Shield contact -- someone who will be able to respond to complaints within 45 days.

Although businesses self-certify their compliance with the Privacy Shield rules, the process isn't free.

The Commerce Department charges a fee for processing their annual applications and adding them to the register. The processing fee ranges from $250 for organizations with revenue under US$5 million up to $3,250 for those with revenue over $5 billion.

On top of that, organizations will have to pay to join an arbitration service or to cover the costs of data protection authorities dealing with complaints.

Join the PC World newsletter!

Error: Please check your email address.

Tags Safe HarborPrivacy Shield

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Peter Sayer

IDG News Service
Show Comments

Cool Tech

Crucial Ballistix Elite 32GB Kit (4 x 8GB) DDR4-3000 UDIMM

Learn more >

Gadgets & Things

Lexar® Professional 1000x microSDHC™/microSDXC™ UHS-II cards

Learn more >

Family Friendly

Lexar® JumpDrive® S57 USB 3.0 flash drive 

Learn more >

Stocking Stuffer

Plox Star Wars Death Star Levitating Bluetooth Speaker

Learn more >

Christmas Gift Guide

Click for more ›

Most Popular Reviews

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?