Privacy Shield certifications begin trickling in

Although several companies say they have self-certified under the Privacy Shield framework, the U.S. Department of Commerce did not immediately list their compliance

The U.S. Department of Commerce is not just rubber-stamping applications to join the new Privacy Shield data protection program: 24 hours after companies began certifying their compliance, the administration's website still listed no approvals.

Microsoft was among the first businesses to certify that it complied with the new rules for transferring European Union citizens' personal information to the U.S. when the Commerce Department's International Trade Administration began accepting applications on Monday.

"We expect it to be approved in the coming days," Microsoft Vice President for EU Government Affairs John Frank wrote on a company blog.

The company isn't waiting for official approval to begin applying the new rules, he said. "Going forward, any data which we will transfer from Europe to the U.S. will be protected by the Privacy Shield’s safeguards."

Workday, a provider of cloud-based HR and finance services, also submitted its self-certification Monday, it said.

The ITA will have its work cut out if all the organizations that self-certified under Privacy Shield's predecessor, the Safe Harbor Framework, choose to re-register. Some 5,534 organizations signed up to Safe Harbor during its 16-year lifespan, with the certification status still listed as "current" for 3,375 of them.

Safe Harbor was ruled inadequate by the Court of Justice of the EU last October, forcing EU and U.S. officials to come up with replacement rules to allow the transatlantic flow of personal information to continue legally. Many multinational businesses are reliant on such transfers for internal functions, such as payroll processing, or for processing customer information.

EU and U.S. officials agreed the new rules on July 12, and the Commerce Department said it would begin accepting certifications from Aug. 1. It set out a five-point plan for organizations to ensure their self-certifications can be accepted.

First up, they must be sure they are eligible to participate: Banks and telecommunications operators, for example, aren't covered by the program. Next, they must develop a clear, concise privacy policy that meets all the Privacy Shield Principles. The policy must identify the independent recourse mechanism an organization will use in case of dispute, typically either a U.S.-based arbitration service or an agreement to work with European data protection authorities. Self-certifiers must also set out how they plan to verify they are in compliance. Finally, they must designate a Privacy Shield contact -- someone who will be able to respond to complaints within 45 days.

Although businesses self-certify their compliance with the Privacy Shield rules, the process isn't free.

The Commerce Department charges a fee for processing their annual applications and adding them to the register. The processing fee ranges from $250 for organizations with revenue under US$5 million up to $3,250 for those with revenue over $5 billion.

On top of that, organizations will have to pay to join an arbitration service or to cover the costs of data protection authorities dealing with complaints.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags Safe HarborPrivacy Shield

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Peter Sayer

IDG News Service
Show Comments

Cool Tech

SanDisk MicroSDXC™ for Nintendo® Switch™

Learn more >

Breitling Superocean Heritage Chronographe 44

Learn more >

Toys for Boys

Family Friendly

Panasonic 4K UHD Blu-Ray Player and Full HD Recorder with Netflix - UBT1GL-K

Learn more >

Stocking Stuffer

Razer DeathAdder Expert Ergonomic Gaming Mouse

Learn more >

Christmas Gift Guide

Click for more ›

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?