Alternative mechanisms like Standard Contractual Clauses and Binding Corporate Rules can now show on transfer impact assessments that requirements around national security and government access are fulfilled and compliant under the Data Privacy Framework’s enhanced protections. The U.S. Department of Commerce launched the Data Privacy Framework (DPF) Program website, where U.S.-based organizations can submit for self-certification and find information on the framework. Businesses that remained certified to the Privacy Shield must now comply with the new EU-U.S. Data Privacy Framework principles to receive personal data transfers from the EU and European Economic Area. Those new to the framework can initiate the self-certification process online. Businesses are required to provide details about their privacy policy, reasons for data transfers, reporting mechanisms and more. Once confirmation is received from the Department of Commerce, companies can proceed with data transfers under the DPF. As we have seen with invalidation of the Safe Harbor and Privacy Sheld frameworks this new Data Privacy Framework may likewise see legal challenges. For the time being however it is a valid legal mechanism for the cross border transfer of personal data. The E-Privacy Directive and EU Cookie Law. A cookie is a simple text file that is stored on a user’s computer or mobile device when visiting certain websites. It allows the website to remember the user’s actions or preferences over a period of time. They are used to identify users, remember preferences, and complete shopping tasks without having to re-enter information. They can also be used for online behavioral target advertising. The use of cookies has become ubiquitous to e-commerce. The Directive on Privacy and Electronic Communications (E-Privacy Directive) [Directive 2002/58/EC (2002) (Amendments 2009)] was enacted to protect “the right to privacy in the electronic communication
159
Made with FlippingBook - Online Brochure Maker