Urgent Message: Privacy Shield Notices Need Updating Before No-Deal Brexit Withdrawal Date
Mar 18 2019
Privacy Shield participants must update their privacy notices by March 29, 2019 (if the UK crashes out of the EU then with no deal) to continue to rely on the Privacy Shield for UK to US transfers post-Brexit. Privacy Shield certification is available to US companies as a lawful mechanism to transfer personal data from the EU (and soon to be the EU and the UK) to the US as well as from Switzerland to the US (if companies register with both Privacy Shield Frameworks).
There is urgency to this task. With about ten days to go, affected US companies should to include required language in their privacy policies to beat the deadline. Companies relying on the Privacy Shield for non-human resources (HR) data only need to update their online privacy policies. Companies that also rely on Privacy Shield for HR data must also update those employee notices (if customer and employee notices are separate).
The US Department of Commerce provided model language to be added to applicable privacy notices on the Privacy Shield website available on its FAQ page: https://www.privacyshield.gov/article?id=Privacy-Shield-and-the-UK-FAQs .
After the Brexit date, companies that selected the EU Data Protection Authority as the independent recourse mechanism will be understood to have committed to cooperate and comply with UK’s Information Commissioner’s Office with regard to personal data received from the UK in reliance on Privacy Shield.
If you have any questions about the information in this alert or other questions related to privacy and data protection post-Brexit, then please contact the authors.
Sign up to receive fresh content delivered to your inbox weekly!
You are switching to the United States
This selection will switch the website from presenting information primarily about the United Kingdom to information about the United States. If you would like to switch back, you may use location selection options at the top of the page.
Although we would like to hear from you, we cannot represent you until we know that doing so will not create a conflict of interest. Also, we cannot treat unsolicited information as confidential. Accordingly, please do not send us any information about any legal matter until we authorize you to do so. To initiate a possible representation, please call one of our lawyers or staff members.
By clicking the “ACCEPT” button, you agree that we may review any information you transmit to us. You recognize that, even if you submit information that you consider confidential in an effort to retain us, our review of that information will not create an obligation on us to keep it confidential and will not preclude us from representing another client directly adverse to you, even in a matter where that information could and will be used against you.
Please click the “ACCEPT” button if you understand and accept the foregoing statement and wish to proceed.