The U.S. Department of Commerce (DOC) and the European Union (EU) through its executive arm the European Commission (EC) agreed last year to a so-called “Privacy Shield Framework” under which participating companies in the United States could transmit personal data, including human resources data, from EU member countries to the U.S. without violating EU privacy law. As part of the agreement, the Privacy Shield was made subject to annual review by the EC to ensure that it was providing an adequate level of protection.
The EC recently completed its first annual review of the Privacy Shield, and reached the favorable conclusion that it “continues to ensure an adequate level of protection for the personal data transferred from the EU to participating companies in the U.S.” As expected, the EC also offered some suggestions for improvement, which DOC says will serve as the basis for “continued cooperation in the year ahead.”
In a related development, the European Union is still on track to implement its new General Data Protection Regulation (GDPR) in May of next year, which will impose even stronger privacy protections for EU citizens and their data than required under current law. The Privacy Shield Framework will not be immediately affected, although it could be subject to change further down the road depending on whether the EC finds it is providing adequate protection under the new GDPR.
Members of the Center for Workplace Compliance (CWC) can read more here.