Smaller Businesses and the US / EU Privacy Shield Launch Today

If you have customers or employees in the European Union, you should look into signing up to operate under the US / EU Privacy Shield. Registration began this morning. It closes in two months.

Signing up means you self-certify you will be in compliance with tough privacy protection guidelines in exchange for a nine-month grace period to get ready. Then you have to recertify yearly.  If you collect information about Europeans and don’t sign up, you are subject to enforcement in fact one way or the other, with no grace period.

American overall enforcement will be the job of the US Department of Commerce. Their information on the whole process is on the Privacy Shield Framework website. Go to Requirements of Participation.

Privacy Shield negotiations went on for a while before it abruptly became a hurry up replacement for the EU Safe Harbor struck down last fall by a European court. Now Privacy Shield is under attack in Europe, but no matter what the outcome count on continual EU efforts to protect the privacy of their citizens aggressively.

Smaller manufacturers and retailers dealing directly with EU consumers will find compliance pretty challenging. One example is the complaint process.

Participating companies must have complaint forms and respond to consumer complaints in 45 days. And if the response doesn’t work, they must provide the consumer an “independent recourse mechanism” to resolve the dispute.

And the participating company must pay for everything regardless of outcome. TRUSTe, the Better Business Bureau, and the International Institute for Conflict Prevention and Resolution (CPR) are among those offering services.

Remedies and sanctions that could be imposed start with fixing the privacy issue, but go on to include public statements, loss of certification, and compensation to the consumer.

Signing up is truly a choice, and it should be informed. Staying informed about privacy protection obligations will remain an evolving process. Whether forced by legal developments or not, every company needs a privacy protection officer. Even if your size means that is a person with three or four other titles.

About Craig Pinkus

Craig Pinkus is a partner in the Intellectual Property Group. He also is a member of the Litigation and the Sports, Entertainment and Media Groups. He assists clients with a broad range of disputes and transactions involving all areas of intellectual property, entertainment, and other complex business arrangements. He has conducted trials and arbitrations throughout the United States and has argued appeals before the Seventh, Sixth and Federal Circuit Courts of Appeal, the Indiana appellate courts, and United States Supreme Court.
This entry was posted in Uncategorized and tagged . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s