On December 20, 2018, the Department of Commerce updated its frequently asked questions on the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks to clarify the effect of the UK’s planned withdrawal from the EU on March 29, 2019. The FAQs provide information on the steps Privacy Shield participants must take to receive personal data from the UK in reliance on the Privacy Shield after such time.
Continue Reading

On September 27, 2018, the Federal Trade Commission announced a settlement agreement with four companies – IDmission, LLC, mResource LLC, SmartStart Employment Screening, Inc., and VenPath, Inc. – over allegations that each company had falsely claimed to have valid certifications under the EU-U.S. Privacy Shield framework.
Continue Reading

On July 5, 2018, the European Parliament issued a nonbinding Resolution that calls on the European Commission to suspend the EU-U.S. Privacy Shield unless U.S. authorities can fully comply with the framework by September 1, 2018. The Resolution states that the data transfer mechanism does not provide the adequate level of protection of personal data as required by EU data protection law.
Continue Reading

On July 2, 2018, the Federal Trade Commission announced that California company ReadyTech Corporation agreed to settle FTC allegations that ReadyTech misrepresented it was in the process of being certified as compliant with the EU-U.S. Privacy Shield framework for lawfully transferring consumer data from the European Union to the United States.
Continue Reading