4th Newsletter -> 29 July - 4 August 2016
Privacy Shield is fully operational
From the 1 August onwards companies can sign up to the Privacy Shield with the U.S. Department of Commerce who can verify that their privacy policies comply with data protection standards required by the EU-U.S. agreement signed in July.
The Commerce Department's International Trade Administration (ITA) began accepting applications on Monday, but the certification procedure faced some issues in the first 24 hours, as the administration's website listed no approvals in that time. Microsoft was among the first businesses to certify that it complied with the new rules for transferring European Union citizens' personal information to the U.S.
It is expected that the majority of the organisations (5,534) that signed up to the Safe Harbor Agreement, the predecessor to the Privacy Shield, will choose to self-certify with the ITA. Many multinational businesses are reliant on the EU-U.S. data transfers for internal functions, such as payroll processing, or for processing customer information.
Organisations wishing to certify must first make sure they are eligible to participate. For example, banks and telecommunications operators aren't covered by the program. Next, they must develop a privacy policy that meets all the Privacy Shield Principles. Organisations must also set out how they plan to verify their compliance and they must designate a Privacy Shield contact.
The Commerce Department charges a fee for processing their annual applications and adding them to the register. The processing fee ranges from $250 for organisations with revenue under US$5 million up to $3,250 for those with revenue over $5 billion.
Read more HERE
_______________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________
European Commission launches a Guide to EU-U.S. Privacy Shield
With the Privacy Shield entering into force, the European Commission published a Guide for citizens explaining how individuals' data protection rights are guaranteed under this agreement. The Guide also explains what remedies are available to them if they consider their data has been misused and their data protection rights not respected.
You can find the whole Guide HERE
_______________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________
Hamburg’s DPA wants to challenge the validity of Privacy Shield
Johannes Caspar, the Hamburg data protection authority (DPA), has publicly expressed his doubts about the adequacy decision issued by the European Commission on the Privacy Shield Agreement. In his opinion it is questionable whether the Agreement meets the principle of proportionality and judicial redress set out by the Court of Justice of the European Union (CJEU) in the Safe Harbor judgement (Case C-362/14).
The DPA expects that sooner or later the CJEU will assess whether the access by public U.S. authorities to personal data transferred under the Privacy Shield is limited to what is strictly necessary and proportionate in a democratic society. He also stated that If there is a legal way to seek reference to the CJEU the Hamburg’s DPA will take all appropriate steps for getting a ruling on the validity of the Commission’s decision.
Read more HERE
_______________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________
MEP calls for investigation of mobile applications
MEP Marc Tarabella from Belgium, who sits on the European Parliament’s internal market and consumer protection committee, is the main complainant against the use of data of mobile application service providers. He said that a blatant lack of transparency leaves users in the dark about when, and to whom, their data is being sold.
The dating app Tinder is in the center of this criticisms for supposedly breaching EU data protection rules. There are calls for the app to be investigated by the European Commission over how it makes use of personal data. The main issue lies with the Tinder's terms, which are written in such a way that the owner Match Group Inc. can continue to use user data even when accounts are closed. But Tinder is not the only app called to be scrutinised - sport tracking app Runkeeper and dating app Happn are also facing potential investigations.
_______________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________
Compiled by Jernej Mavrič, email: jm@dp-recruitment.com
