We live in a digitalised world, where the processing of personal data has intensified, and as a result, there is a need in the market to increase the processing capabilities. Now, the US is a big market and as such offers a variety of services and products such as cloud storage, marketing services, digital commerce, analytics and others.
Useful? Embed this infographic on your website.
Given the above, the EU through an adequacy decision has provided with a particular solution for the processing of personal data with US companies, which is called the EU-US Privacy Shield Framework (“Privacy Shield”). This framework is available since the 12 July 2016 and still valid until now; however, should be noted that its validity has been contested and is under the review of the Court of Justice of the European Union (CJEU).
But until the CJEU do not produce a decision, the Privacy Shield still in force and because of this currently, EU companies can transfer EU personal data to US companies as far as these US companies are Privacy Shield Certified (PSC) companies. To know which companies are PSC, please refer to www.privacyshield.gov/list
The process to use the Privacy Shield is pretty straight forward, EU businesses can transfer EU data to any US PSC company, but should be noted that the PSC only applies to companies regulated by the US Federal Trade Commission e.g. US financial institutions or communications providers can not benefit from the Privacy Shield.
As the last remark, in my opinion, it is advisable that before deciding to use the Privacy Shield, to examine the EU Parliament Resolution on this matter (see www.europarl.europa.eu) and assess the pros and cons in order to make a sound management decision.
Latest posts by Jessica Lam (see all)
- How to protect your personal data? - March 4, 2019
- Enforcement of judgement: Update CJEU Case C 210/16 - September 7, 2018
- Data Protection and Marketing - August 7, 2018