Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...
European Union privacy regulators have issued EU-U.S. Privacy Shield data transfer framework complaint forms and process rules for individuals who are unable to resolve personal data use issues with companies.
Under the Privacy Shield, an informal panel of EU privacy regulators would be able to step in if individuals are unable to resolve privacy complaints directly with Privacy Shield-certified organizations that have transferred their personal data to the U.S. The informal panel would be able to act in cases involving the personal data of employees, or where Privacy Shield-certified organizations have agreed to submit to oversight by EU regulators.
“U.S. organizations have to respond to inquiries and comply with the advice given by the panel,” Carlo Piltz, a data protection lawyer with Reuschlaw Legal Consultants in Berlin, told Bloomberg BNA Feb. 21.
Peter Van Dyck, an information technology and data protection senior associate with Allen & Overy LLP in Brussels, told Bloomberg BNA Feb. 21 that the documents give clear instructions for making complaints and are “certainly to be welcomed.”
The publication of the documents shows that EU privacy regulators “are serious about acting” on Privacy Shield complaints. Despite some criticism of the Privacy Shield voiced by the Article 29 Working Party of data protection officials from the 28 EU countries, their issuance of the complaint process rules and forms shows that the regulators “haven’t written off the Privacy Shield,” Van Dyck said.
The informal panel may refer unresolved cases to the U.S. Federal Trade Commission for enforcement action. Alternatively, the panel might inform the U.S. Department of Commerce, which could rescind the Privacy Shield certification of noncompliant organizations.
The Privacy Shield allows U.S. companies that self-certify with the Commerce Department their compliance with EU-approved privacy and security principles to legally transfer personal data from the EU to the U.S. The Privacy Shield is relied upon by over 1,000 U.S. companies, including Alphabet Inc.'s Google, Microsoft Corp. and Facebook Inc., as well as thousands more EU companies that send data to those U.S. companies.
The Privacy Shield arrangement is backed up by an amended U.S. Privacy Act that allows EU citizens to seek to file a court action in the U.S. over allegations of government misuse of personal data sent to the U.S. under the Shield program. EU citizens may also file complaints with an ombudsman established in the U.S. State Department. EU privacy regulators and other officials are seeking assurances from President Donald Trump of the continuing commitment of the U.S. to the Privacy Shield.
The regulators said that the informal panel would consist of a lead regulatory office, which would be the agency that received a complaint from an EU citizen against a Privacy Shield certified organization. In most instances, the lead regulator would be assisted by two “co-reviewer” regulatory offices chosen by the lead regulatory office.
In selecting the co-reviewers, the lead regulator would take into account “in whose jurisdiction the EU headquarter or significant subsidiaries of the U.S. company’s group are situated, if any,” the rules of procedure said.
The complaint form published with the rules of procedure is an optional form that EU individuals could use to submit Privacy Shield complaints to their EU country’s privacy regulator.
To contact the reporter on this story: Stephen Gardner in Brussels at email@example.com
To contact the editor responsible for this story: Donald G. Aplin at firstname.lastname@example.org
Copyright © 2017 The Bureau of National Affairs, Inc. All Rights Reserved.
All Bloomberg BNA treatises are available on standing order, which ensures you will always receive the most current edition of the book or supplement of the title you have ordered from Bloomberg BNA’s book division. As soon as a new supplement or edition is published (usually annually) for a title you’ve previously purchased and requested to be placed on standing order, we’ll ship it to you to review for 30 days without any obligation. During this period, you can either (a) honor the invoice and receive a 5% discount (in addition to any other discounts you may qualify for) off the then-current price of the update, plus shipping and handling or (b) return the book(s), in which case, your invoice will be cancelled upon receipt of the book(s). Call us for a prepaid UPS label for your return. It’s as simple and easy as that. Most importantly, standing orders mean you will never have to worry about the timeliness of the information you’re relying on. And, you may discontinue standing orders at any time by contacting us at 1.800.960.1220 or by sending an email to email@example.com.
Put me on standing order at a 5% discount off list price of all future updates, in addition to any other discounts I may quality for. (Returnable within 30 days.)
Notify me when updates are available (No standing order will be created).
This Bloomberg BNA report is available on standing order, which ensures you will all receive the latest edition. This report is updated annually and we will send you the latest edition once it has been published. By signing up for standing order you will never have to worry about the timeliness of the information you need. And, you may discontinue standing orders at any time by contacting us at 1.800.372.1033, option 5, or by sending us an email to firstname.lastname@example.org.
Put me on standing order
Notify me when new releases are available (no standing order will be created)