Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...
Companies operating in European Economic Area countries Iceland, Liechtenstein, and Norway will be able to more easily transfer personal data to the U.S. now that the EEA has adopted the European Union-U.S. Privacy Shield data transfer framework, privacy professionals told Bloomberg BNA.
Under the privacy laws of the three countries, companies must have a legal basis for transferring personal data outside their borders. Now the Privacy Shield provides a legal basis that is easy for companies doing business in the EEA countries to rely on to send personal data to any of the more than 2,100 U.S. companies that are certified under the program.
U.S. companies in the program are required to self-certify to the U.S. Department of Commerce compliance with general EU-approved privacy principles. Those companies that do business in the three EEA countries will also now be able to use the program as a legal basis to transfer personal data to themselves from those countries.
For example, U.S.-based companies approved under the Privacy Shield, such as Alphabet Inc.'s Google and IBM Corp., with operations in Norway may see a benefit from the EEA’s decision. Alphabet is the second largest technology company in the world with a $649.6 billion market capitalization, and IBM is the 13th largest technology company in the world with a $144.1 billion market capitalization, Bloomberg data show.
The Joint Committee of the European Economic Area (EEA) adopted the Privacy Shield July 7. As EEA members, Iceland, Liechtenstein, and Norway participate in the EU’s single market and through joint committee decisions adopt relevant EU laws. But they have no influence over the making of those laws.
There is a possibility that the U.K. will become an EEA member after Brexit. The U.K. government has said it will exit the EU single market as it leaves the bloc, but some government officials have argued for a more moderate approach.
Privacy Shield is the much anticipated replacement for the defunct Safe Harbor Program, which was invalidated by the European Court of Justice in October 2015 on the basis that it failed to sufficiently protect to the privacy of EU data subjects.
Helge Veum, head of technology at the Norwegian Data Protection Authority (DPA), told Bloomberg BNA that companies operating in Norway had been waiting for approval of the Privacy Shield.
“We had a lot of use of Safe Harbor so we’ll have a lot of use of Privacy Shield,” Veum said. For companies in Norway, “it’s common to use outsourced services and it’s common to use outsourced services in the U.S.,” he added.
The joint committee decision on Privacy Shield entered into force July 8. The decision included a declaration that the data protection commissioners of Iceland, Liechtenstein, and Norway should be able to participate in Privacy Shield panels with EU privacy regulators. The Privacy Shield pact mandates the creation of an “informal panel of EU DPAs” that could act in privacy disputes involving employee data, or when Privacy Shield-certified organizations have agreed to submit to oversight by EU regulators.
The EEA committee decision doesn’t need to be approved by the U.S. Commerce Department or the European Commission, the EU’s executive arm.
To contact the reporter on this story: Stephen Gardner in Brussels at firstname.lastname@example.org
To contact the editor responsible for this story: Donald G. Aplin at email@example.com
Full text of the EEA Joint Committee decision on Privacy Shield is available at http://src.bna.com/qHH
Copyright © 2017 The Bureau of National Affairs, Inc. All Rights Reserved.
All Bloomberg BNA treatises are available on standing order, which ensures you will always receive the most current edition of the book or supplement of the title you have ordered from Bloomberg BNA’s book division. As soon as a new supplement or edition is published (usually annually) for a title you’ve previously purchased and requested to be placed on standing order, we’ll ship it to you to review for 30 days without any obligation. During this period, you can either (a) honor the invoice and receive a 5% discount (in addition to any other discounts you may qualify for) off the then-current price of the update, plus shipping and handling or (b) return the book(s), in which case, your invoice will be cancelled upon receipt of the book(s). Call us for a prepaid UPS label for your return. It’s as simple and easy as that. Most importantly, standing orders mean you will never have to worry about the timeliness of the information you’re relying on. And, you may discontinue standing orders at any time by contacting us at 1.800.960.1220 or by sending an email to firstname.lastname@example.org.
Put me on standing order at a 5% discount off list price of all future updates, in addition to any other discounts I may quality for. (Returnable within 30 days.)
Notify me when updates are available (No standing order will be created).
This Bloomberg BNA report is available on standing order, which ensures you will all receive the latest edition. This report is updated annually and we will send you the latest edition once it has been published. By signing up for standing order you will never have to worry about the timeliness of the information you need. And, you may discontinue standing orders at any time by contacting us at 1.800.372.1033, option 5, or by sending us an email to email@example.com.
Put me on standing order
Notify me when new releases are available (no standing order will be created)