On July 12, 2016, the European Commission and the US Department of Commerce signed the EU-US Privacy Shield agreement, a much-anticipated framework for protecting personal data transferred from the European Union to the United States. Beginning on August 1, companies and other entities in the United States will be able to register with the Commerce Department, self-certifying their compliance with the Privacy Shield’s principles. Companies that certify with the Commerce Department in August and September will have a nine-month grace period in which to bring their existing commercial relationships with third parties in line with the Privacy Shield principles.

While there is risk that Privacy Shield will be struck down, companies in the United States are encouraged to immediately begin evaluating whether Privacy Shield is a preferred mechanism for their data transfers and what additional controls would be required to achieve compliance with the Privacy Shield principles.

Continue reading.