Department of Commerce

As noted in our post yesterday, the text of the EU-U.S. Privacy Shield, the upcoming trans-Atlantic data-transfer framework between the EU and U.S. to replace the invalidated U.S.-EU Safe Harbor, has been released by the U.S. Department of Commerce.  Commerce’s release coincided with the release of a draft adequacy decision by the European Commission.

A number of the Privacy Shield principles, notably in enforcement, onward transfer, and regular review, are significantly more stringent than the Safe Harbor.  In light of these new obligations, among others, privacy professionals should carefully consider whether this data-transfer framework is right for their companies.

  1. Tougher and Binding Remedies and Enforcement

In addition to FTC enforcement under Section 5, the Principles encourage individuals to bring their complaints directly to the organization at issue, to which the signatory must respond within 45 days.  If the complaint is not resolved, the consumer may bring his or her complaint before an independent dispute resolution body.  The Principles allow signatories to utilize U.S.- or EU-based dispute resolution bodies, or a panel of EU member state data protection authorities (DPAs).Continue Reading Privacy Shield: Top Five Reasons It’s Tougher Than the Safe Harbor, Whether You Should Certify, and Next Steps

Today, the European Commission published the text of the new EU-U.S. Privacy Shield (see the Commission’s press release here), which consists of:

  • a draft adequacy decision;
  • the EU-U.S. Privacy Shield Framework Principles issued by the U.S. Department of Commerce; and
  • the official representations and commitments contained in separate letters from:
    • Secretary of Commerce Penny Pritzker (Annex I);
    • Secretary of State John Kerry (Annex III);
    • Federal Trade Commission Chairwoman Edith Ramirez (Annex IV),
    • Secretary of Transportation, Anthony Foxx (Annex V);
    • General Counsel Robert Litt, Office of the Director of National Intelligence (Annex VI); and
    • Deputy Assistant Attorney General Bruce Swartz, U.S. Department of Justice (Annex VII).

In addition, the European Commission issued a Communication titled “Transatlantic Data Flows: Restoring Trust through Strong Safeguards” which presents the developments and the Commission’s findings since its critical 2013 Communication on the Functioning of the Safe Harbor, a Q&A and a Fact sheet.
Continue Reading EU-U.S. Privacy Shield Package Released

As we reported yesterday, the United States and the European Commission have reached a political agreement on a new framework for transatlantic data flows, referred to as the EU-U.S. Privacy Shield.  The U.S. Department of Commerce (“Commerce”) released a fact sheet yesterday to coincide with the announcement of the agreement.
Continue Reading Commerce Releases Fact Sheet on the EU-U.S. Privacy Shield

On October 23, the Trans-Atlantic Business Dialogue held a briefing session on the EU-U.S. Safe Harbor Agreement.  Ted Dean, Deputy Assistant Secretary at the U.S. Department of Commerce, gave an update on the negotiations with the European Commission.  Following the Snowden revelations and a resolution of the European Parliament, the
Continue Reading Trans-Atlantic Business Dialogue Holds Briefing Session on EU-U.S. Safe Harbor Agreement

Executive Order 13,636 on Improving Critical Infrastructure Cybersecurity directs the National Institute of Standards and Technology (“NIST”) to develop a Cybersecurity Framework  of standards, methodologies, and processes for addressing cybersecurity risk.  It also charges the Department of Homeland Security with developing a Critical Infrastructure Cybersecurity Program to promote adoption of

Continue Reading Covington Files Comments on Cybersecurity Incentives

Privacy stakeholders gathered today at NTIA to once again discuss how the group might move forward in developing a code of conduct for mobile app transparency.  While no decisions were made, the group identified a number of topics that would be appropriate to tackle early in the process.  There also

Continue Reading NTIA Privacy Multistakeholder Group Discusses Process, Substance

As noted in our coverage of the inaugural Privacy Multistakeholder Meeting, NTIA promised to release meeting notes and the results of informal polls taken during the meeting.  This information is now available on NTIA’s website, and includes notes in document format and images of the flipcharts used during

Continue Reading NTIA Releases Notes from First Privacy Multistakeholder Meeting; Announces Next Meeting Dates

The Office of Information and Regulatory Affairs (OIRA) recently released a model Privacy Impact Assessment (PIA) that federal agencies must use before they employ third-party websites and applications to communicate with the public.  The new rules issued by OIRA, an arm of the White House’s Office of Management and Budget (OMB), build on rules the agency issued in June 2010.Continue Reading OIRA Releases Privacy Impact Assessment for Agency Use of Third-Party Websites

In a speech this week at the U.S. Chamber of Commerce, White House Deputy Chief Technology Officer for Internet Policy Daniel Weitzner announced that the Administration will soon roll out a “privacy bill of rights,” which he described as a “broad, high-level statement of principles” that could be enforced
Continue Reading White House To Roll Out “Privacy Bill of Rights”

Jon Leibowitz, chairman of the Federal Trade Commission, and Cameron Kerry, general counsel of the Department of Commerce, spoke today about the need for industry codes of conduct to address emerging privacy issues.  They were the featured speakers at an event held by the Brookings Institution on strategies to protect consumer privacy while ensuring continued innovation on the Internet.

As we previously discussed, the Commerce Department has called for baseline consumer privacy protections that would serve as the basis for codes of conduct that specify how the baseline principles apply in particular contexts.  At today’s event, Kerry provided more detail about the Department’s proposal.Continue Reading FTC, Commerce Department Reiterate Support for Industry Codes of Conduct