Menu
Privacy Shield certifications begin trickling in

Privacy Shield certifications begin trickling in

Although several companies say they have self-certified under the Privacy Shield framework, the U.S. Department of Commerce did not immediately list their compliance

The U.S. Department of Commerce is not just rubber-stamping applications to join the new Privacy Shield data protection program: 24 hours after companies began certifying their compliance, the administration's website still listed no approvals.

Microsoft was among the first businesses to certify that it complied with the new rules for transferring European Union citizens' personal information to the U.S. when the Commerce Department's International Trade Administration began accepting applications on Monday.

"We expect it to be approved in the coming days," Microsoft Vice President for EU Government Affairs John Frank wrote on a company blog.

The company isn't waiting for official approval to begin applying the new rules, he said. "Going forward, any data which we will transfer from Europe to the U.S. will be protected by the Privacy Shield’s safeguards."

Workday, a provider of cloud-based HR and finance services, also submitted its self-certification Monday, it said.

The ITA will have its work cut out if all the organizations that self-certified under Privacy Shield's predecessor, the Safe Harbor Framework, choose to re-register. Some 5,534 organizations signed up to Safe Harbor during its 16-year lifespan, with the certification status still listed as "current" for 3,375 of them.

Safe Harbor was ruled inadequate by the Court of Justice of the EU last October, forcing EU and U.S. officials to come up with replacement rules to allow the transatlantic flow of personal information to continue legally. Many multinational businesses are reliant on such transfers for internal functions, such as payroll processing, or for processing customer information.

EU and U.S. officials agreed the new rules on July 12, and the Commerce Department said it would begin accepting certifications from Aug. 1. It set out a five-point plan for organizations to ensure their self-certifications can be accepted.

First up, they must be sure they are eligible to participate: Banks and telecommunications operators, for example, aren't covered by the program. Next, they must develop a clear, concise privacy policy that meets all the Privacy Shield Principles. The policy must identify the independent recourse mechanism an organization will use in case of dispute, typically either a U.S.-based arbitration service or an agreement to work with European data protection authorities. Self-certifiers must also set out how they plan to verify they are in compliance. Finally, they must designate a Privacy Shield contact -- someone who will be able to respond to complaints within 45 days.

Although businesses self-certify their compliance with the Privacy Shield rules, the process isn't free.

The Commerce Department charges a fee for processing their annual applications and adding them to the register. The processing fee ranges from $250 for organizations with revenue under US$5 million up to $3,250 for those with revenue over $5 billion.

On top of that, organizations will have to pay to join an arbitration service or to cover the costs of data protection authorities dealing with complaints.


Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags Safe HarborPrivacy Shield

Featured

Slideshows

Tight lines as Hooked on Lenovo catches up at Great Barrier Island

Tight lines as Hooked on Lenovo catches up at Great Barrier Island

​Ingram Micro’s Hooked on Lenovo incentive programme recently rewarded 28 of New Zealand's top performing resellers with a full-on fishing trip at Great Barrier Island for the third year​ in a row.

Tight lines as Hooked on Lenovo catches up at Great Barrier Island
Inside the AWS Summit in Sydney

Inside the AWS Summit in Sydney

As the dust settles on the 2017 AWS Summit in Sydney, ARN looks back an action packed two-day event, covering global keynote presentations, 80 breakout sessions on the latest technology solutions, and channel focused tracks involving local cloud stories and insights.

Inside the AWS Summit in Sydney
Channel tees off on the North Shore as Ingram Micro hosts annual Cure Kids Charity golf day

Channel tees off on the North Shore as Ingram Micro hosts annual Cure Kids Charity golf day

Ingram Micro hosted its third annual Cure Kids Charity Golf Tournament at the North Shore Golf Club in Auckland. In total, 131 resellers, vendors and Ingram Micro suppliers enjoyed a round of golf consisting of challenges on each of the 18 sponsored holes, with Team Philips taking out the top honours.

Channel tees off on the North Shore as Ingram Micro hosts annual Cure Kids Charity golf day
Show Comments