“Adequacy” seems to be the hardest word.

On the brink of Brexit and the UK becoming a “third country” without a so called “adequacy” status for the cross border transfer of personal data from the European Union — Could California have its own Privacy Shield arrangement separate from the rest of the U.S.?

This question

In a complaint, the Federal Trade Commission alleges that between January 2017 and October 2018, RagingWire Data Centers, Inc. claimed in its online privacy policy that the company participated in the Privacy Shield framework and complied with the program’s requirements, even though it had allowed its certification to lapse in January 2018.

The Department of

The European Commission expects the U.S. Department of Commerce (DoC) to request from companies evidence of the privacy provisions of the relevant contracts with third parties to assess compliance with the onward transfer principle.

Additional commercial takeaways from the EC’s third annual report on EU-U.S. Privacy Shield include:

  • The “grace period” for companies that missed

Privacy Shield lives to shield another year (Part 1).

The European Commission has published its third annual report on Privacy Shield.

Per Věra Jourová, Commissioner for Justice, Consumers and Gender Equality: “With around 5,000 participating companies, the Privacy Shield has become a success story. The annual review is an important health check for its functioning.

“Since the [EU US Privacy Shield] Framework’s implementation on August 1, 2016, more than 5,000 companies have made public and legally enforceable pledges to protect data transferred from the EU in accordance with the Privacy Shield Principles. The rapid and continued growth of the program demonstrates Privacy Shield’s vital role in protecting personal data and

The Federal Trade Commission has approved a final consent order settling charges that a background screening company falsely claimed to be in compliance with the EU-U.S. and Swiss-U.S. Privacy Shield frameworks.

SecurTest, Inc. agreed in June to settle FTC charges that its website falsely claimed that it participated in the EU-U.S. and Swiss-U.S. Privacy Shield

“The Federal Trade Commission is aiming to bring more EU-U.S. Privacy Shield enforcement actions for significant violations of the cross-border data transfer program, the agency’s consumer protection chief said April 26.”

There are a group of cases the FTC is “looking at right now and they include” alleged substantive violations of the Privacy Shield program

Enforcement is increasing under the EU US Privacy Shield Framework for cross border transfer of personal data. A report published by European regulator, the European Data Protection Board (EDPB), lists enforcement initiatives by the Department of Commerce (DoC) and the FTC.

  • On a quarterly basis the DoC conducts “false claims reviews” to identify organizations that

IF Brexit AND Privacy Shield THEN (amend privacy notice).

If you use the EU U.S. Privacy Shield mechanism to transfer Personal Data from the UK to the U.S., you will need to amend your privacy disclosure to state specifically that the commitment extends to personal data received from the UK in reliance on Privacy Shield