Privacy Shield – What You Need To Know About Storing EU Data | 1
Privacy Shield
What You Need to Know About Storing EU Data
Overview & Agenda
• Overview on global data protection
• The Past: EU-U.S. Safe Harbour
• The Present: EU-U.S. Privacy Shield
• How the Privacy Shield Differs from the Safe Harbour
• Deep Dive: The Framework
• Options to Prove You’re Compliant
• What is the Future?
• Q/A
Overview on Global
Data Protection
Overview
Regulate the collection, use, storage, disclosure,
and other processing of “personally identifiable
information” or “PII”
• Name and other “identifiers,” and any other data that can be
linked with the identified or identifiable person or device.
• Employees, consumers, contractors, corporate customer
contacts, supplier contacts, website visitors, business partner
contacts, end users, and other individuals.
Overview
Two approaches to regulation globally:
• United States: Sector-specific (HIPAA/HITECH, GLBA/FCRA,
and the like) and data-specific (SSNs, bank account, credit/debit
card numbers, username/password to online account)
• European Union: Omnibus privacy laws applicable to all personal
data, regardless of sector, category of individual, or type of
personal data; local hurdles on collection and processing +
additional restrictions on cross-border transfers
• EU tends to lead the rest of the non-US world
Some Examples
• Business manifestations
• Cloud and sourcing
• Global HR databases
• Customer relationship management (CRM) applications
• Websites and mobile apps
• Mergers and acquisitions
Some Examples
• Compliance manifestations
• Whistleblower hotlines
• Email and internet monitoring
• Internal investigations
• E-discovery and legal demands
• Data security and breach notice
1995 EC Data Protection Directive
(95/46/EC)
• Omnibus regulation for industry sectors
• Implemented by Member States into
national data protection laws
• Local compliance issues
• Cross-border data transfer restrictions
The Past:
EU Safe Harbour
Background on Schrems
Who is Max Schrems?
He is an Austrian privacy activist who campaigns against Facebook for
privacy violations, including its violations of European privacy laws and
alleged transfer of personal data to the US National Security
Agency (NSA) as part of the NSA's PRISM programme. He has founded
a group called Europe v Facebook and as of February 2015 has initiated
two lawsuits involving Facebook.
Background on Schrems
How did the invalidation process get started?
• On 20 November 2014, Schrems said at a conference convened in
Brussels by the International Association of Privacy Professionals that
his group would go on a head-on collision with Safe Harbour, an
E.U.-U.S. agreement that allows over 3,000 U.S. companies, including
Google, Facebook, and Apple, to repatriate European personal data.
Schrems argues that in practice it does not give the consumer any
protection.[12]
Background on Schrems
How did the invalidation process get started?
• In Schrems, the European Court of Justice (Court) invalidated the US-EU
Safe Harbor Privacy Arrangement (“Safe Harbor”) on October 6, 2015
• Safe Harbor had served as the EC adequacy finding for the United
States for fifteen years
• The Court specified that Safe Harbor was not adequate because of the
apparent absence of sufficient protections within Safe Harbor against US
government surveillance and corresponding redress for EU citizens (not
“essentially equivalent”)
Current Developments
• Initial Article 29 Working Party Opinion on Schrems (Oct 16, 2015):
– Transfers relying solely on Safe Harbor unlawful
– Model contracts and binding corporate rules can be used at present, although under
examination for concerns about government surveillance
– Collective action to be considered if no resolution on “Safe Harbor 2.0” by the end of
January 2016
• Various individual data protection authority opinions (e.g., German data protection
authorities, UK Information Commissioner, and the like).
• EU-US Privacy Shield (Safe Harbor 2.0) announced as agreed upon between the
European Commission and the US Department of Commerce and other
authorities on February 2, 2016 (ahead of WP meeting)
• Other developments (to be discussed after Privacy Shield overview)
The Present: EU-U.S.
Privacy Shield
"The EU-U.S. Privacy Shield is
a tremendous victory for privacy,
individuals, and businesses on both
sides of the Atlantic."
- U.S. Secretary of Commerce Penny Pritzker
EU-U.S. Privacy Shield
Why Was It Designed?
https://www.e-education.psu.edu/cloudGIS/node/91
• The EU-U.S. Privacy Shield Framework was designed by the U.S.
Department of Commerce and European Commission to provide companies
on both sides of the Atlantic with a mechanism to comply with EU data
protection requirements when transferring personal data from the European
Union to the United States in support of transatlantic commerce.
Why Was It Designed?
• The Privacy Shield Framework provides a set of robust and enforceable
protections for the personal data of EU individuals. The Framework provides
transparency regarding how participating companies use personal data,
strong U.S. government oversight, and increased cooperation with EU data
protection authorities (DPAs). The European Commission deemed the
Privacy Shield Framework adequate to enable data transfers under EU law.
Commerce will allow companies time to review the Framework and update
their compliance programs and then, on August 1, will begin accepting
certifications.
• On February 29, 2016, the European Commission issued its draft decision
and the US documents for the EU-US Privacy Shield Arrangement.
Why Was It Designed?
• The US-issued Privacy Shield documents are:
– A commitment from the US Secretary of Commerce to devote all necessary
resources to adhere fully to the requirements of the Privacy Shield
– Twenty Two Privacy Shield Principles, along with Arbitration Procedures
– Letters from the Federal Trade Commission and the Department of
Transportation (commercial enforcement authority)
– Letters from the Office of the Director of National Intelligence (ODNI)
(surveillance law and policy), the Department of State (surveillance redress), and
the Department of Justice (criminal law enforcement law and policy)
Why Was It Designed?
• The European Commission is now (i) evaluating the non-binding views of
the Article 29 Working Party of Data Protection Authorities, the European
Parliament, the European Data Protection Supervisor, and (ii) consulting
with the Article 31 Member State Representatives
• Finalized and went into effect in June 2016.
Certification
• Self-certify
• Department of Commerce
• Voluntary
• Eligible - Committed
How the Privacy Shield
Differs from the Safe Harbour
Enhancements from the Safe Harbour
• Expanded privacy notices
• Strengthened standards on data transfers
• Reinforced certification/recertification
• Clarified retention standards
• Commissioned recourse mechanisms
Deep Dive: The
Framework
Key Definitions and Clarifications
• Personal and sensitive information
• Controllers vs. processors
• Publicly available data
• Exceptions
Notice
• Required points of presentation
• Must detail:
– Commitment to the Privacy Shield
– Aspects of the privacy life cycle and individual rights
– Recourse, enforcement and liability
• Exceptions
Choice
• Required points of presentation
• Opt-out vs. opt-in mechanisms
• Exceptions
Accountability for Onward Transfer
• Contracting with third parties acting as
controllers and agents
• Limiting transfers to specified purposes
• Noncompliance remediation and
processing cessation
• Exceptions
Security
Data Integrity and Purpose Limitation
• Collection and processing limitation
• Data veracity controls
• Retention standards
Access
• Fielding requests for access to and the
correction and deletion of data
• Communications
• Facilitating requests
• Exceptions
Recourse, Enforcement and Liability
• Direct handling of individuals’ complaints
• Independent recourse mechanisms
• Cooperation with DPAs
• Arbitration
Government Surveillance
Options to Prove
You’re Compliant
Certification and Periodic Assessment
• Initiation
• Self-assessment vs. outside reviews
What is the Future?
The Near Term and Long Term
• Pivoting on updates
• Challenges
• Iterations
• Verification
• Enterprise adoption

More Related Content

What's hot

2011 10-12whatiseutimberregulation-111018054148-phpapp01
2011 10-12whatiseutimberregulation-111018054148-phpapp012011 10-12whatiseutimberregulation-111018054148-phpapp01
2011 10-12whatiseutimberregulation-111018054148-phpapp01LoggingOff
 
[Privacy Webinar Slides] Global Enforcement Priorities
[Privacy Webinar Slides] Global Enforcement Priorities[Privacy Webinar Slides] Global Enforcement Priorities
[Privacy Webinar Slides] Global Enforcement PrioritiesTrustArc
 
Worldwide Laws Privacy Presentation 2006
Worldwide Laws Privacy Presentation 2006Worldwide Laws Privacy Presentation 2006
Worldwide Laws Privacy Presentation 2006Kimberly Verska
 
New Media Internet Expression and European Data Protection
New Media Internet Expression and European Data ProtectionNew Media Internet Expression and European Data Protection
New Media Internet Expression and European Data ProtectionDavid Erdos
 
Програма аташе з питань прав на інтелектуальну власність Бюро з реєстрації па...
Програма аташе з питань прав на інтелектуальну власність Бюро з реєстрації па...Програма аташе з питань прав на інтелектуальну власність Бюро з реєстрації па...
Програма аташе з питань прав на інтелектуальну власність Бюро з реєстрації па...nadeh
 
EU General Data Protection Regulation
EU General Data Protection RegulationEU General Data Protection Regulation
EU General Data Protection RegulationRamiro Cid
 
Uia presentation Eng
Uia presentation EngUia presentation Eng
Uia presentation EngFabio Marazzi
 
Personal data: Legal Issues in Research Data Collection and Sharing by EUDAT ...
Personal data: Legal Issues in Research Data Collection and Sharing by EUDAT ...Personal data: Legal Issues in Research Data Collection and Sharing by EUDAT ...
Personal data: Legal Issues in Research Data Collection and Sharing by EUDAT ...EUDAT
 
Bridging U.S. Cross-Border Ediscovery Obligations and EU Data Protection Obli...
Bridging U.S. Cross-Border Ediscovery Obligations and EU Data Protection Obli...Bridging U.S. Cross-Border Ediscovery Obligations and EU Data Protection Obli...
Bridging U.S. Cross-Border Ediscovery Obligations and EU Data Protection Obli...AltheimPrivacy
 
What is EU timber regulation?
What is EU timber regulation?What is EU timber regulation?
What is EU timber regulation?FERN
 
DP on both sides of the Atlantic - august 2015
DP on both sides of the Atlantic - august 2015DP on both sides of the Atlantic - august 2015
DP on both sides of the Atlantic - august 2015Saira Nayak, JD, CIPP/US/E
 

What's hot (13)

2011 10-12whatiseutimberregulation-111018054148-phpapp01
2011 10-12whatiseutimberregulation-111018054148-phpapp012011 10-12whatiseutimberregulation-111018054148-phpapp01
2011 10-12whatiseutimberregulation-111018054148-phpapp01
 
[Privacy Webinar Slides] Global Enforcement Priorities
[Privacy Webinar Slides] Global Enforcement Priorities[Privacy Webinar Slides] Global Enforcement Priorities
[Privacy Webinar Slides] Global Enforcement Priorities
 
Worldwide Laws Privacy Presentation 2006
Worldwide Laws Privacy Presentation 2006Worldwide Laws Privacy Presentation 2006
Worldwide Laws Privacy Presentation 2006
 
New Media Internet Expression and European Data Protection
New Media Internet Expression and European Data ProtectionNew Media Internet Expression and European Data Protection
New Media Internet Expression and European Data Protection
 
Програма аташе з питань прав на інтелектуальну власність Бюро з реєстрації па...
Програма аташе з питань прав на інтелектуальну власність Бюро з реєстрації па...Програма аташе з питань прав на інтелектуальну власність Бюро з реєстрації па...
Програма аташе з питань прав на інтелектуальну власність Бюро з реєстрації па...
 
DMA Scotland: Legal update
DMA Scotland: Legal updateDMA Scotland: Legal update
DMA Scotland: Legal update
 
EU General Data Protection Regulation
EU General Data Protection RegulationEU General Data Protection Regulation
EU General Data Protection Regulation
 
Steve Purser
Steve Purser Steve Purser
Steve Purser
 
Uia presentation Eng
Uia presentation EngUia presentation Eng
Uia presentation Eng
 
Personal data: Legal Issues in Research Data Collection and Sharing by EUDAT ...
Personal data: Legal Issues in Research Data Collection and Sharing by EUDAT ...Personal data: Legal Issues in Research Data Collection and Sharing by EUDAT ...
Personal data: Legal Issues in Research Data Collection and Sharing by EUDAT ...
 
Bridging U.S. Cross-Border Ediscovery Obligations and EU Data Protection Obli...
Bridging U.S. Cross-Border Ediscovery Obligations and EU Data Protection Obli...Bridging U.S. Cross-Border Ediscovery Obligations and EU Data Protection Obli...
Bridging U.S. Cross-Border Ediscovery Obligations and EU Data Protection Obli...
 
What is EU timber regulation?
What is EU timber regulation?What is EU timber regulation?
What is EU timber regulation?
 
DP on both sides of the Atlantic - august 2015
DP on both sides of the Atlantic - august 2015DP on both sides of the Atlantic - august 2015
DP on both sides of the Atlantic - august 2015
 

Similar to Privacy shield what you need to know about storing eu data slideshare

EU-US Privacy Shield - Safe Harbor Replacement
EU-US Privacy Shield - Safe Harbor ReplacementEU-US Privacy Shield - Safe Harbor Replacement
EU-US Privacy Shield - Safe Harbor ReplacementGACC_Midwest
 
Data Privacy vs. National Security post Safe Harbor
Data Privacy vs. National Security post Safe HarborData Privacy vs. National Security post Safe Harbor
Data Privacy vs. National Security post Safe HarborGayle Gorvett
 
Cross Border Data Transfers and the Privacy Shield
Cross Border Data Transfers and the Privacy ShieldCross Border Data Transfers and the Privacy Shield
Cross Border Data Transfers and the Privacy ShieldParsons Behle & Latimer
 
PECB Webinar: The End of Safe Harbour! What happens Next?
PECB Webinar: The End of Safe Harbour! What happens Next?PECB Webinar: The End of Safe Harbour! What happens Next?
PECB Webinar: The End of Safe Harbour! What happens Next?PECB
 
ISACA Houston - How to de-classify data and rethink transfer of data between ...
ISACA Houston - How to de-classify data and rethink transfer of data between ...ISACA Houston - How to de-classify data and rethink transfer of data between ...
ISACA Houston - How to de-classify data and rethink transfer of data between ...Ulf Mattsson
 
TrustArc Webinar: New EU-US Data Transfer Agreement - An Important Milestone ...
TrustArc Webinar: New EU-US Data Transfer Agreement - An Important Milestone ...TrustArc Webinar: New EU-US Data Transfer Agreement - An Important Milestone ...
TrustArc Webinar: New EU-US Data Transfer Agreement - An Important Milestone ...TrustArc
 
The Court Speaks: Privacy Shield, Standard Contractual Clauses and Cookie Con...
The Court Speaks: Privacy Shield, Standard Contractual Clauses and Cookie Con...The Court Speaks: Privacy Shield, Standard Contractual Clauses and Cookie Con...
The Court Speaks: Privacy Shield, Standard Contractual Clauses and Cookie Con...TrustArc
 
Interoperable Solutions for Cross Border Data Transfers – APEC, CBPR, BCR fro...
Interoperable Solutions for Cross Border Data Transfers – APEC, CBPR, BCR fro...Interoperable Solutions for Cross Border Data Transfers – APEC, CBPR, BCR fro...
Interoperable Solutions for Cross Border Data Transfers – APEC, CBPR, BCR fro...TrustArc
 
No Man is an Island: The Battle for Data Privacy
No Man is an Island: The Battle for Data PrivacyNo Man is an Island: The Battle for Data Privacy
No Man is an Island: The Battle for Data PrivacyKate Chan
 
Privacy Laws in Europe
Privacy Laws in EuropePrivacy Laws in Europe
Privacy Laws in EuropeMartyn Ripley
 
US – EU Safe Harbor for Cross-Border Data
US – EU Safe Harbor for Cross-Border DataUS – EU Safe Harbor for Cross-Border Data
US – EU Safe Harbor for Cross-Border DataMark Aldrich
 
Safe Harbor Webinar
Safe Harbor WebinarSafe Harbor Webinar
Safe Harbor WebinarEthisphere
 
The Patriot Act and Cloud Security - Busting the European FUD
The Patriot Act and Cloud Security - Busting the European FUDThe Patriot Act and Cloud Security - Busting the European FUD
The Patriot Act and Cloud Security - Busting the European FUDResilient Systems
 
Safe Harbor: A framework for US – EU data privacy
Safe Harbor: A framework for US – EU data privacy Safe Harbor: A framework for US – EU data privacy
Safe Harbor: A framework for US – EU data privacy Raymond Cunningham
 
EU–US Privacy Shield has Flaws
EU–US Privacy Shield has FlawsEU–US Privacy Shield has Flaws
EU–US Privacy Shield has FlawsThierry Debels
 
Mind Your Business: Why Privacy Matters to the Successful Enterprise
 Mind Your Business: Why Privacy Matters to the Successful Enterprise Mind Your Business: Why Privacy Matters to the Successful Enterprise
Mind Your Business: Why Privacy Matters to the Successful EnterpriseEric Kavanagh
 

Similar to Privacy shield what you need to know about storing eu data slideshare (20)

EU-US Privacy Shield - Safe Harbor Replacement
EU-US Privacy Shield - Safe Harbor ReplacementEU-US Privacy Shield - Safe Harbor Replacement
EU-US Privacy Shield - Safe Harbor Replacement
 
Data Privacy vs. National Security post Safe Harbor
Data Privacy vs. National Security post Safe HarborData Privacy vs. National Security post Safe Harbor
Data Privacy vs. National Security post Safe Harbor
 
Cross Border Data Transfers and the Privacy Shield
Cross Border Data Transfers and the Privacy ShieldCross Border Data Transfers and the Privacy Shield
Cross Border Data Transfers and the Privacy Shield
 
PECB Webinar: The End of Safe Harbour! What happens Next?
PECB Webinar: The End of Safe Harbour! What happens Next?PECB Webinar: The End of Safe Harbour! What happens Next?
PECB Webinar: The End of Safe Harbour! What happens Next?
 
ISACA Houston - How to de-classify data and rethink transfer of data between ...
ISACA Houston - How to de-classify data and rethink transfer of data between ...ISACA Houston - How to de-classify data and rethink transfer of data between ...
ISACA Houston - How to de-classify data and rethink transfer of data between ...
 
TrustArc Webinar: New EU-US Data Transfer Agreement - An Important Milestone ...
TrustArc Webinar: New EU-US Data Transfer Agreement - An Important Milestone ...TrustArc Webinar: New EU-US Data Transfer Agreement - An Important Milestone ...
TrustArc Webinar: New EU-US Data Transfer Agreement - An Important Milestone ...
 
The Court Speaks: Privacy Shield, Standard Contractual Clauses and Cookie Con...
The Court Speaks: Privacy Shield, Standard Contractual Clauses and Cookie Con...The Court Speaks: Privacy Shield, Standard Contractual Clauses and Cookie Con...
The Court Speaks: Privacy Shield, Standard Contractual Clauses and Cookie Con...
 
Interoperable Solutions for Cross Border Data Transfers – APEC, CBPR, BCR fro...
Interoperable Solutions for Cross Border Data Transfers – APEC, CBPR, BCR fro...Interoperable Solutions for Cross Border Data Transfers – APEC, CBPR, BCR fro...
Interoperable Solutions for Cross Border Data Transfers – APEC, CBPR, BCR fro...
 
EU Trade Secrets Directive & Data Protection Changes
EU Trade Secrets Directive & Data Protection ChangesEU Trade Secrets Directive & Data Protection Changes
EU Trade Secrets Directive & Data Protection Changes
 
No Man is an Island: The Battle for Data Privacy
No Man is an Island: The Battle for Data PrivacyNo Man is an Island: The Battle for Data Privacy
No Man is an Island: The Battle for Data Privacy
 
Privacy Laws in Europe
Privacy Laws in EuropePrivacy Laws in Europe
Privacy Laws in Europe
 
US – EU Safe Harbor for Cross-Border Data
US – EU Safe Harbor for Cross-Border DataUS – EU Safe Harbor for Cross-Border Data
US – EU Safe Harbor for Cross-Border Data
 
2017 10 26 webinar - gdpr final
2017 10 26 webinar - gdpr final2017 10 26 webinar - gdpr final
2017 10 26 webinar - gdpr final
 
Safe Harbor Webinar
Safe Harbor WebinarSafe Harbor Webinar
Safe Harbor Webinar
 
The Patriot Act and Cloud Security - Busting the European FUD
The Patriot Act and Cloud Security - Busting the European FUDThe Patriot Act and Cloud Security - Busting the European FUD
The Patriot Act and Cloud Security - Busting the European FUD
 
Using Social Business Software and being compliant with EU data protection la...
Using Social Business Software and being compliant with EU data protection la...Using Social Business Software and being compliant with EU data protection la...
Using Social Business Software and being compliant with EU data protection la...
 
Safe Harbor: A framework for US – EU data privacy
Safe Harbor: A framework for US – EU data privacy Safe Harbor: A framework for US – EU data privacy
Safe Harbor: A framework for US – EU data privacy
 
EU–US Privacy Shield has Flaws
EU–US Privacy Shield has FlawsEU–US Privacy Shield has Flaws
EU–US Privacy Shield has Flaws
 
Mind Your Business: Why Privacy Matters to the Successful Enterprise
 Mind Your Business: Why Privacy Matters to the Successful Enterprise Mind Your Business: Why Privacy Matters to the Successful Enterprise
Mind Your Business: Why Privacy Matters to the Successful Enterprise
 
Apps World Privacy Keynote
Apps World Privacy KeynoteApps World Privacy Keynote
Apps World Privacy Keynote
 

Recently uploaded

How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17Celine George
 
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTiammrhaywood
 
internship ppt on smartinternz platform as salesforce developer
internship ppt on smartinternz platform as salesforce developerinternship ppt on smartinternz platform as salesforce developer
internship ppt on smartinternz platform as salesforce developerunnathinaik
 
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxiammrhaywood
 
Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentInMediaRes1
 
Proudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxProudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxthorishapillay1
 
Types of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptxTypes of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptxEyham Joco
 
Painted Grey Ware.pptx, PGW Culture of India
Painted Grey Ware.pptx, PGW Culture of IndiaPainted Grey Ware.pptx, PGW Culture of India
Painted Grey Ware.pptx, PGW Culture of IndiaVirag Sontakke
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)eniolaolutunde
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationnomboosow
 
Roles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in PharmacovigilanceRoles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in PharmacovigilanceSamikshaHamane
 
भारत-रोम व्यापार.pptx, Indo-Roman Trade,
भारत-रोम व्यापार.pptx, Indo-Roman Trade,भारत-रोम व्यापार.pptx, Indo-Roman Trade,
भारत-रोम व्यापार.pptx, Indo-Roman Trade,Virag Sontakke
 
DATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginnersDATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginnersSabitha Banu
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxpboyjonauth
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...Marc Dusseiller Dusjagr
 
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdfssuser54595a
 
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...M56BOOKSTORE PRODUCT/SERVICE
 
Capitol Tech U Doctoral Presentation - April 2024.pptx
Capitol Tech U Doctoral Presentation - April 2024.pptxCapitol Tech U Doctoral Presentation - April 2024.pptx
Capitol Tech U Doctoral Presentation - April 2024.pptxCapitolTechU
 

Recently uploaded (20)

How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17
 
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
 
internship ppt on smartinternz platform as salesforce developer
internship ppt on smartinternz platform as salesforce developerinternship ppt on smartinternz platform as salesforce developer

Privacy shield what you need to know about storing eu data slideshare

  • 1. Privacy Shield – What You Need To Know About Storing EU Data | 1 Privacy Shield: What You Need to Know About Storing EU Data
  • 2. Overview & Agenda
      • Overview on global data protection
      • The Past: EU-U.S. Safe Harbour
      • The Present: EU-U.S. Privacy Shield
      • How the Privacy Shield Differs from the Safe Harbour
      • Deep Dive: The Framework
      • Options to Prove You’re Compliant
      • What is the Future?
      • Q/A
  • 3. Overview on Global Data Protection
  • 4. Overview
      • Regulate the collection, use, storage, disclosure, and other processing of “personally identifiable information” or “PII”
      • Name and other “identifiers,” and any other data that can be linked with the identified or identifiable person or device.
      • Employees, consumers, contractors, corporate customer contacts, supplier contacts, website visitors, business partner contacts, end users, and other individuals.
  • 5. Overview: Two approaches to regulation globally
      • United States: Sector-specific (HIPAA/HITECH, GLBA/FCRA, and the like) and data-specific (SSNs, bank account, credit/debit card numbers, username/password to online account)
      • European Union: Omnibus privacy laws applicable to all personal data, regardless of sector, category of individual, or type of personal data; local hurdles on collection and processing + additional restrictions on cross-border transfers
      • EU tends to lead the rest of the non-US world
  • 6. Some Examples
      • Business manifestations
      • Cloud and sourcing
      • Global HR databases
      • Customer relationship management (CRM) applications
      • Websites and mobile apps
      • Mergers and acquisitions
  • 7. Some Examples
      • Compliance manifestations
      • Whistleblower hotlines
      • Email and internet monitoring
      • Internal investigations
      • E-discovery and legal demands
      • Data security and breach notice
  • 8. 1995 EC Data Protection Directive (95/46/EC)
      • Omnibus regulation for industry sectors
      • Implemented by Member States into national data protection laws
      • Local compliance issues
      • Cross-border data transfer restrictions
  • 9. The Past: EU Safe Harbour
  • 12. Background on Schrems: Who is Max Schrems?
      • He is an Austrian privacy activist who campaigns against Facebook for privacy violations, including its violations of European privacy laws and alleged transfer of personal data to the US National Security Agency (NSA) as part of the NSA's PRISM programme. He has founded a group called Europe v Facebook and as of February 2015 has initiated two lawsuits involving Facebook.
  • 13. Background on Schrems: How did the invalidation process get started?
      • On 20 November 2014, Schrems said at a conference convened in Brussels by the International Association of Privacy Professionals that his group would go on a head-on collision with Safe Harbour, an E.U.-U.S. agreement that allows over 3,000 U.S. companies, including Google, Facebook, and Apple, to repatriate European personal data. Schrems argues that in practice it does not give the consumer any protection.[12]
  • 14. Background on Schrems: How did the invalidation process get started?
      • In Schrems, the European Court of Justice (Court) invalidated the US-EU Safe Harbor Privacy Arrangement (“Safe Harbor”) on October 6, 2015
      • Safe Harbor had served as the EC adequacy finding for the United States for fifteen years
      • The Court specified that Safe Harbor was not adequate because of the apparent absence of sufficient protections within Safe Harbor against US government surveillance and corresponding redress for EU citizens (not “essentially equivalent”)
  • 15. Current Developments
      • Initial Article 29 Working Party Opinion on Schrems (Oct 16, 2015):
          – Transfers relying solely on Safe Harbor unlawful
          – Model contracts and binding corporate rules can be used at present, although under examination for concerns about government surveillance
          – Collective action to be considered if no resolution on “Safe Harbor 2.0” by the end of January 2016
      • Various individual data protection authority opinions (e.g., German data protection authorities, UK Information Commissioner, and the like).
      • EU-US Privacy Shield (Safe Harbor 2.0) announced as agreed upon between the European Commission and the US Department of Commerce and other authorities on February 2, 2016 (ahead of WP meeting)
      • Other developments (to be discussed after Privacy Shield overview)
  • 16. The Present: EU-U.S. Privacy Shield
  • 17. "The EU-U.S. Privacy Shield is a tremendous victory for privacy, individuals, and businesses on both sides of the Atlantic." - U.S. Secretary of Commerce Penny Pritzker
  • 18. EU-U.S. Privacy Shield
  • 19. Why Was It Designed? https://www.e-education.psu.edu/cloudGIS/node/91
      • The EU-U.S. Privacy Shield Framework was designed by the U.S. Department of Commerce and European Commission to provide companies on both sides of the Atlantic with a mechanism to comply with EU data protection requirements when transferring personal data from the European Union to the United States in support of transatlantic commerce.
  • 20. Why Was It Designed?
      • The Privacy Shield Framework provides a set of robust and enforceable protections for the personal data of EU individuals. The Framework provides transparency regarding how participating companies use personal data, strong U.S. government oversight, and increased cooperation with EU data protection authorities (DPAs). The European Commission deemed the Privacy Shield Framework adequate to enable data transfers under EU law. Commerce will allow companies time to review the Framework and update their compliance programs and then, on August 1, will begin accepting certifications.
      • On February 29, 2016, the European Commission issued its draft decision and the US documents for the EU-US Privacy Shield Arrangement.
  • 21. Why Was It Designed?
      • The US-issued Privacy Shield documents are:
          – A commitment from the US Secretary of Commerce to devote all necessary resources to adhere fully to the requirements of the Privacy Shield
          – Twenty-Two Privacy Shield Principles, along with Arbitration Procedures
          – Letters from the Federal Trade Commission and the Department of Transportation (commercial enforcement authority)
          – Letters from the Office of the Director of National Intelligence (ODNI) (surveillance law and policy), the Department of State (surveillance redress), and the Department of Justice (criminal law enforcement law and policy)
  • 22. Why Was It Designed?
      • The European Commission is now (i) evaluating the non-binding views of the Article 29 Working Party of Data Protection Authorities, the European Parliament, the European Data Protection Supervisor, and (ii) consulting with the Article 31 Member State Representatives
      • Finalized and went into effect June 2016.
  • 23. Certification
      • Self-certify
      • Department of Commerce
      • Voluntary
      • Eligible - Committed
  • 24. How the Privacy Shield Differs from the Safe Harbour
  • 25. Enhancements from the Safe Harbour
      • Expanded privacy notices
      • Strengthened standards on data transfers
      • Reinforced certification/recertification
      • Clarified retention standards
      • Commissioned recourse mechanisms
  • 26. Deep Dive: The Framework
  • 27. Key Definitions and Clarifications
      • Personal and sensitive information
      • Controllers vs. processors
      • Publicly available data
      • Exceptions
  • 28. Notice
      • Required points of presentation
      • Must detail:
          – Commitment to the Privacy Shield
          – Aspects of the privacy life cycle and individual rights
          – Recourse, enforcement and liability
      • Exceptions
  • 29. Choice
      • Required points of presentation
      • Opt-out vs. opt-in mechanisms
      • Exceptions
  • 30. Accountability for Onward Transfer
      • Contracting with third parties acting as controllers and agents
      • Limiting transfers to specified purposes
      • Noncompliance remediation and processing cessation
      • Exceptions
  • 31. Security
  • 32. Data Integrity and Purpose Limitation
      • Collection and processing limitation
      • Data veracity controls
      • Retention standards
  • 33. Access
      • Fielding requests for access to and the correction and deletion of data
      • Communications
      • Facilitating requests
      • Exceptions
  • 34. Recourse, Enforcement and Liability
      • Direct handling of individuals’ complaints
      • Independent recourse mechanisms
      • Cooperation with DPAs
      • Arbitration
  • 35. Government Surveillance
  • 36. Options to Prove You’re Compliant
  • 37. Certification and Periodic Assessment
      • Initiation
      • Self-assessment vs. outside reviews
  • 38. What is the Future?
  • 39. The Near Term and Long Term
      • Pivoting on updates
      • Challenges
      • Iterations
      • Verification
      • Enterprise adoption