eDiscovery Daily Blog
You Have to Be Certifiable to be Privacy Shield Approved: eDiscovery Trends
At a session at The Master’s Conference Chicago event this week, there was an entire session dedicated to international eDiscovery and privacy considerations. Some of the discussion centered around the General Data Protection Regulation (GDPR), which is set to take effect next year (in almost exactly one year). Most of the rest of the discussion centered around the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks.
The EU-U.S. and Swiss-U.S. Privacy Shield Frameworks were designed by the U.S. Department of Commerce and the European Commission and Swiss Administration to provide companies on both sides of the Atlantic with a mechanism to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States in support of transatlantic commerce.
On July 12, 2016, the European Commission deemed the EU-U.S. Privacy Shield Framework adequate to enable data transfers under EU law (we covered the announcement of the EU-U.S. Privacy Shield here and the formal adoption here). On January 12, 2017, the Swiss Government announced the approval of the Swiss-U.S. Privacy Shield Framework as a valid legal mechanism to comply with Swiss requirements when transferring personal data from Switzerland to the United States (we covered that one too here).
The Privacy Shield Principles lay out a set of requirements governing participating organizations’ use and treatment of personal data received from the EU and Switzerland. By joining the Privacy Shield, participants make a commitment to comply with these Principles that is enforceable under U.S. law. There are several benefits to becoming Privacy Shield certified, with the most important being that, as a participating organization, you are deemed to provide “adequate” privacy protection, which is a requirement for the transfer of personal data outside of the European Union under the EU Data Protection Directive and outside of Switzerland under the Swiss Federal Act on Data Protection.
The Privacy Shield site is here and the page for U.S. businesses to understand the benefits and requirements of participation in the Privacy Shield is here.
If you go to this page here, you can actually search for companies that are Privacy Shield certified. Surprisingly, only 2,150 organizations currently are certified at this point. Of course, in the eDiscovery world, a lot of those organizations may not matter to you, so Rob Robinson (in his Complex Discovery blog) was kind enough to identify here the eDiscovery providers that are currently certified (he also includes PDF copies of both Privacy Shield Frameworks). According to the list, there are 45 eDiscovery companies that are EU-U.S. Privacy Shield approved, of which only 17 are also Swiss-U.S. Privacy Shield certified. CloudNine is both EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield certified. Rob does note that the list may not be all inclusive, so check the link at the beginning of this paragraph if you have questions about a particular eDiscovery provider.
International data privacy issues and frameworks are one of the topics we’ll be discussing at our webcast on Wednesday, May 31. For more info on where to register, click here.
So, what do you think? Has your organization become Privacy Shield certified? As always, please share any comments you might have or if you’d like to know more about a particular topic.
eDiscovery Daily will resume with new posts next Tuesday.
Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.