A Side-by-Side Comparison of “Privacy Shield” and the “Safe Harbor”

More than 5,000 companies had taken advantage of the now defunct U.S.-EU Safe Harbor Framework. Those companies are now considering whether to join the newly approved “Privacy Shield,” and are trying to understand the difference between the old and new framework. As they do, these companies are faced with many questions: How does the Privacy Shield differ from Safe Harbor? Can you rely on the Model Clauses? Or would it make more sense to join the Privacy Shield? If so, what do you need to do to join?

To supplement our earlier publication, we have prepared a side-by-side comparison of the invalidated Safe Harbor and the new Privacy Shield. Over the next week, we will be publishing similar comparisons between Privacy Shield and other adequacy methods including the model controller-controller clauses and the model controller-processor clauses. If you would like to receive those comparisons, please register at www.bryancavedatamatters.com.

Click here to view the side-by-side comparison of the Safe Harbor and the Privacy Shield.


What You Need to Know About the New General Data Protection Regulation (GDPR) (2016)

The EU Parliament Committee on Civil Liberties, Justice, and Home Affairs (“LIBE”) finally released the text of the long anticipated new data protection law. While the law has not formally been enacted, its adoption at this point is considered pro forma. Once adopted, its provisions will go into effect in spring of 2018. The hope, and expectation, is that the GDPR will cause the EU to have a much more harmonized approach to data protection.

Here is what companies doing business in the EU need to know about the new General Data Protection Regulation (GDPR or Regulation)….


Privacy Shield: Safe Harbor 2.0? (2016)

As negotiators for the US Department of Commerce (“DOC”), Federal Trade Commission (“FTC”), and the European Commission move toward an agreement intended to allow continued US-EU data transfers, a closer look at the history of “Safe Harbor” and the proposed “Privacy Shield” framework leaves some questions unanswered.

Safe Harbor Invalidation
Under EU Data Protection Directive 95/46/EC (the “Directive”), personal data controlled in the EU may be transferred to countries outside the EU only when an “adequate level of protection” is guaranteed. From 2000 to 2015, thousands of companies achieved this adequacy status through the US-EU “Safe Harbor” framework, an annual certification process approved by the European Commission and made available to US companies subject to the jurisdiction of the FTC or Department of Transportation…..privacyshield

Webinar: Life After the Safe Harbor Under the “Privacy Shield”

March 3, 2016 at 12 p.m. EST

Companies of all types were caught off guard when the EU-U.S. Safe Harbor data transfer framework was invalidated in October 2015. In the months following the invalidation, many companies anxiously awaited a replacement for the original Safe Harbor framework. That replacement has now been announced in the form of the newly-negotiated “Privacy Shield” framework. Join Jana Fuchs and Jason Haislmaier as they discuss the details of the Privacy Shield framework, provide an update on the current status and timeline for the formal adoption of the Privacy Shield, and provide strategies for compliance in EU-U.S. cross border data transfers both now and following adoption of the Privacy Shield. Click here for more information or to register.

We are presenting this audio web cast through Celesq® Attorneys Ed Center in partnership with West LegalEdcenter.