Self-Certifying Under The EU-U.S. Privacy Shield

Like the “Safe Harbor” that it replaced, the EU-U.S. Privacy Shield is a voluntary self-certification program with the U.S. Department of Commerce. Underlying both programs is the basic fact the EU doubts that the U.S. ensures an adequate level of protection for the personal data of EU citizens. To date hundreds of U.S. companies have received active Privacy Shield certifications. The question for other companies is whether they should also self-certify, and the answer is not clear, according to attorneys Karin M. McGinnis, and Suzanne K. Gainey. In this Today’s General Counsel identifies, they look at some important considerations for companies deciding whether to “jump on the Privacy Shield bandwagon.” Although it’s voluntary, once you self-certify you’re responsible for maintaining compliance, they note, and non-compliance may be considered an unfair or deceptive trade practice by the FTC.