This Month Only! >> $20 off and a FREE SHRM tote with your membership and code TOTE2018!
Sign up for free email newsletters and get more SHRM content delivered to your inbox.
Is your employee handbook keeping up with the changing world of work? With SHRM's Employee Handbook Builder get peace of mind that your handbook is up-to-date.
Build competencies, establish credibility and advance your career—while earning PDCs—at SHRM Seminars in 12 cities across the U.S. this spring.
#SHRM18 will expand your perspective – on your organization, on your career, and on the way you approach HR. Join us in Chicago June 17-20, 2018
Members may download one copy of our sample forms and templates for your personal use within your organization. Please note that all such forms and policies should be reviewed by your legal counsel for compliance with applicable law, and should be modified to suit your organization’s culture, industry, and practices. Neither members nor non-members may reproduce such samples in any other way (e.g., to republish in a book or use for a commercial purpose) without SHRM’s permission. To request permission for specific items, click on the “reuse permissions” button on the page where you find the item.
On June 12, the European Commission adopted the EU-U.S. Privacy Shield, ending a type of limbo for U.S. companies that had been relying on alternatives for the transfer of personal data ever since the Safe Harbor agreement between the U.S. and the European Commission was nullified last October.
The shield replaces the Safe Harbor agreement, which was nullified by the Court of Justice of the European Union in
Schrems v. Data Protection Commissioner.
Self-certification of compliance with the shield by U.S. organizations begins Aug. 1, 2016.
SHRM Online reported on
Schrems earlier this year, "Maximillian Schrems, an Austrian national, filed a complaint with the Irish Data Protection Commissioner (Irish DPC) asking it to prohibit Facebook Ireland Ltd. from transferring his personal data to Facebook Inc. in the United States."
Based in part on revelations made by whistle-blower Edward Snowden concerning surveillance activities by U.S. intelligence, Schrems believed U.S. laws didn't guarantee "adequate protection" of his personal data. However, the Irish DPC rebuffed Schrems' complaint, saying there was no evidence that his personal data had been accessed. The Irish DPC also found that the Safe Harbor agreement provided adequate protection for any personal data transferred to the U.S.
Schrems challenged the ruling before the European Court of Justice, which found in his favor.
"The European high court struck down the Safe Harbor agreement, in part, because the U.S. government retains the right to access data in the U.S. for national security and law enforcement purposes and does not permit EU citizens to make complaints regarding the misuse of their personal data. The decision authorizes each [member country's] Data Protection Commissioner to consider individual claims asserting that the transfer of personal data from the EU to other countries violates EU privacy laws,"
SHRM Online reported.
According to U.S. Secretary of Commerce Penny Pritzker, U.S. companies will be given until Aug. 1 to review the Privacy Shield to enable a "smooth transition."
In an interview with
SHRM Online July 15, privacy attorney Philip Gordon, a shareholder in Littler Mendelson's Denver office and co-chair of the firm's privacy and background checks practice group, said that "more than 4,000 U.S. companies relied on Safe Harbor for cross-border data transfers." But after nullification of the law, "U.S. companies had to make a decision whether to use a different data mechanism or fly under the radar." He said the alternatives companies used to transfer HR data included standard contractual clauses and binding corporate rules.
Companies will now need to decide "whether they will continue to rely on the measures they put in place in response to the invalidation of Safe Harbor or switch to the Privacy Shield," Gordon noted.
An analysis of the shield provided to
SHRM Online from Morrison & Foerster, an international law firm with 17 offices in the United States, Asia and Europe, states that "at first glance, the shield bears a strong resemblance to Safe Harbor, which misled some commentators to denounce it as a mere duplicate in disguise. However, the shield introduces substantial changes for data protection, including additional rights for EU individuals, stricter compliance requirements for U.S. organizations, and further limitations on government access to personal data."
You have successfully saved this page as a bookmark.
Please confirm that you want to proceed with deleting bookmark.
You have successfully removed bookmark.
Please log in as a SHRM member before saving bookmarks.
Please sign in as a SHRM member before saving bookmarks.
Please purchase a SHRM membership before saving bookmarks.
An error has occurred
Recommended for you
Join SHRM's exclusive peer-to-peer social network
SHRM’s HR Vendor Directory contains over 10,000 companies