For over 15 years, a Minnesota business could qualify to transfer personal data from EU countries if it participated in the EU-U.S. Safe Harbor Program. This Safe Harbor Program is no longer available. On October 6, 2015, the European Court of Justice invalidated the EU- U.S. Safe Harbor Agreement that allowed the storage and processing of personal data of EU citizens so long as the business self-certified compliance with certain privacy policies and procedures. Privacy Shield. On February 2, 2016, the European Commission and U.S. Department of Commerce announced a new data transfer framework, the EU-U.S. Privacy Shield, to replace the invalidated Safe Harbor Agreement. The Privacy Shield included a new federal ombudsman to oversee intelligence access to EU citizen data, a multi- step complaint resolution process for EU citizens, and a number of other new provisions. The Privacy Shield was more stringent than the Safe Harbor relative to enforcement, remedies, onward transfer restrictions, certification, and notice and choice obligations. On July 12, 2016, the European Commission approved the EU-U.S. Privacy Shield Framework. The Privacy Shield consisted of 7 key principles: • Notice: An organization must inform individuals about what data it collects, the purposes for which such data is collected, and the type or identity of third parties to whom data might be disclosed. • Choice: An organization must allow individuals the opportunity to opt out of having their data disclosed to third parties or used for purposes other than those for which it was originally collected. Organizations must obtain affirmative express (opt-in) consent to disclose sensitive information (such as medical conditions, racial information, etc.) or to use such information for purposes other than those for which it was collected. • Accountability for Onward Transfer: Organizations must enter into contracts with any third parties to whom they transfer personal information. These contracts must specify that the data may only be processed for limited and specified purposes. 147
Made with FlippingBook - Online Brochure Maker