The EU-U.S. and Swiss-U.S. Data Privacy Frameworks were developed by the U.S. Department of Commerce in consultation with the European Commission and Swiss Government, and with industry and other stakeholders, to provide companies on both sides of the Atlantic with a valid legal mechanism to comply with data protection requirements when transferring personal data from the European Union (EU) and Switzerland to the United States in support of transatlantic commerce.
The Data Privacy Framework program administered by the U.S. Department of Commerce enables U.S.-based companies to join one or both of the Data Privacy Frameworks in order to benefit from the adequacy determinations. To join either Data Privacy Framework, a U.S.-based company will be required to self-certify to the Department of Commerce and publicly commit to comply with the Data Privacy Framework Principles, including the Supplemental Principles requirements. While joining Data Privacy Framework is voluntary, once an eligible company makes the public commitment to comply with the requirements, the commitment will become enforceable under U.S. law.
Approval of the EU-U.S. Data Privacy Framework, which replaces the U.S.-EU Safe Harbor Framework, was announced on July 12, 2016. The Department began accepting EU-U.S. Data Privacy Framework self-certifications on August 1, 2016. Approval of the Swiss-U.S. Data Privacy Framework, which replaces the U.S. Swiss Safe Harbor Framework, was announced on January 12, 2017. The Department began accepting EU-U.S. Data Privacy Framework self-certifications on August 1, 2016.
The Data Privacy Framework program administered by the U.S. Department of Commerce delivers a number of key benefits:
1. Enhanced Dispute Resolution systems with additional reporting criteria.
2. A US based Privacy Ombudsperson to handle complaints regarding data access by US Intelligence agencies.
3. Stricter controls on onward transfer of data once outside of the European Union and Switzerland.
4. Liability remaining with data controllers after the onward transfer of data to third-party agent.
5. The option for binding arbitration to handle unresolved complaints.
6. Increased co operation between the Department of Commerce and the European Commssion and the Swiss Federal Data Protection and Information Commissioner, including an annual review of the program when appropriate.
For more information view the EU-U.S. Privacy Shield Timeline
The PrivacyTrust Data Privacy Framework program is designed to assist companies self-cerifying to the U.S. Department of Commerce that they comply with the EU-U.S. Data Privacy Framework and/or the Swiss-U.S. Data Privacy Framework as set forth by the Department. The PrivacyTrust Data Privacy Framework program provides guidance prior to and during the self-certification application process, along with support afterwards. PrivacyTrust provides such companies with a dispute resolution service (independent recourse mechanism) and an outside compliance review (verification) service.
Related: See also GDPR