Menu
Privacy Shield certifications begin trickling in

Privacy Shield certifications begin trickling in

Although several companies say they have self-certified under the Privacy Shield framework, the U.S. Department of Commerce did not immediately list their compliance

The U.S. Department of Commerce is not just rubber-stamping applications to join the new Privacy Shield data protection program: 24 hours after companies began certifying their compliance, the administration's website still listed no approvals.

Microsoft was among the first businesses to certify that it complied with the new rules for transferring European Union citizens' personal information to the U.S. when the Commerce Department's International Trade Administration began accepting applications on Monday.

"We expect it to be approved in the coming days," Microsoft Vice President for EU Government Affairs John Frank wrote on a company blog.

The company isn't waiting for official approval to begin applying the new rules, he said. "Going forward, any data which we will transfer from Europe to the U.S. will be protected by the Privacy Shield’s safeguards."

Workday, a provider of cloud-based HR and finance services, also submitted its self-certification Monday, it said.

The ITA will have its work cut out if all the organizations that self-certified under Privacy Shield's predecessor, the Safe Harbor Framework, choose to re-register. Some 5,534 organizations signed up to Safe Harbor during its 16-year lifespan, with the certification status still listed as "current" for 3,375 of them.

Safe Harbor was ruled inadequate by the Court of Justice of the EU last October, forcing EU and U.S. officials to come up with replacement rules to allow the transatlantic flow of personal information to continue legally. Many multinational businesses are reliant on such transfers for internal functions, such as payroll processing, or for processing customer information.

EU and U.S. officials agreed the new rules on July 12, and the Commerce Department said it would begin accepting certifications from Aug. 1. It set out a five-point plan for organizations to ensure their self-certifications can be accepted.

First up, they must be sure they are eligible to participate: Banks and telecommunications operators, for example, aren't covered by the program. Next, they must develop a clear, concise privacy policy that meets all the Privacy Shield Principles. The policy must identify the independent recourse mechanism an organization will use in case of dispute, typically either a U.S.-based arbitration service or an agreement to work with European data protection authorities. Self-certifiers must also set out how they plan to verify they are in compliance. Finally, they must designate a Privacy Shield contact -- someone who will be able to respond to complaints within 45 days.

Although businesses self-certify their compliance with the Privacy Shield rules, the process isn't free.

The Commerce Department charges a fee for processing their annual applications and adding them to the register. The processing fee ranges from $250 for organizations with revenue under US$5 million up to $3,250 for those with revenue over $5 billion.

On top of that, organizations will have to pay to join an arbitration service or to cover the costs of data protection authorities dealing with complaints.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags Safe HarborPrivacy Shield

Featured

Slideshows

Meet the leading customer-centric Microsoft channel partners

Meet the leading customer-centric Microsoft channel partners

Microsoft honoured leading partners across the channel following a year of customer innovation and market growth in New Zealand. The 2018 Microsoft Partner Awards recognised excellence within the context of the end-user, spanning a host of emerging and established providers.

Meet the leading customer-centric Microsoft channel partners
Reseller News launches new-look Awards at 2018 Judges’ Lunch

Reseller News launches new-look Awards at 2018 Judges’ Lunch

Introducing the Reseller News Innovation Awards, launched to the channel at the 2018 Judges’ Lunch in Auckland. With more than 70 judges now part of the voting panel, the new-look awards will reflect the changing dynamics of the channel, recognising excellence across customer value and innovation - spanning start-ups, partners, distributors and vendors.

Reseller News launches new-look Awards at 2018 Judges’ Lunch
Show Comments