What You Need to Know About the 
EU-US Privacy Shield

It can be difficult enough to mechanically sort through hundreds or even thousands of digital documents while preparing for litigation. However, if you’re working with clients abroad, you’ll also need to comply with international standards, which can complicate the process further.

If your work involves international business, you’re likely familiar with the EU-US Privacy Shield.

Keeping with today’s modernized global culture, the agreement sets forth agreed-upon tenets for the international transmission of data, as outlined in the Privacy Shield Framework Program Overview. This ensures personal information that is transferred across the Atlantic from Europe to the U.S. for business-related purposes is protected by both countries.

To maintain a healthy flow of business between the continents, the agreement requires U.S. regulatory bodies to work with the EU in the interest of their citizens’ data protection, and must also offer satisfactory rectification of any situation where their data has been exploited.

A Brief History

The rise of digital data transmission brought about discussions of how to maintain citizens’ rights to privacy in the U.S. and abroad. These discussions and meetings between international leaders culminated in the International Safe Harbor Privacy Principles, an agreement crafted between 1998 and 2000 with a similar intent as the EU-US Privacy Shield.

It was formerly accepted by the European Commission, an EU institution responsible for proposing legislation and implementing decisions, in July of 2000. However, in the ensuing years, there were questions about compliance, and it was deemed outdated in 2015. The EU-US Privacy Shield was developed to take its place with updated provisions, but the agreement was not without controversy.

Self-Certification

If you’re working with a client who does business overseas, you can save everyone a headache and direct them to self-certify via the Privacy Shield Principles, if they have not already. Though you and your client may already be complying with these standards, having the seal of approval is a helpful way to instill faith in you and your client. Anyone using Privacy Shield Principles can also easily access and connect with a list of businesses who are also certified.

Most Recent Annual Review

The EU-U.S. Privacy Shield is subject to an annual review to maintain updates and discuss the effectiveness of the agreement. The second and most recent annual review occured on Oct. 19, 2018, in Brussels, where a meeting and review was held between U.S. government leaders, the European Commission their data protection authorities.

According to a press release announcing the meeting, “Since the Shield came into effect on 1 August 2016, nearly 4,000 U.S. companies have self-certified,” though the future of the agreement is uncertain at this point.

Trustpoint.One offers peace of mind through industry-leading security across our entire hosted platform environment. To protect your data, we’re not only Privacy Shield certified, but also SOC 2 Type 2, ISO 27001 and HIPPA certified, as well.

Contact us today to see how Trustpoint.One can help you during eDiscovery.