The EU-US Privacy Shield after Brexit: The US Commerce Department and the Information Commissioner’s Office Publish Guidance
After Brexit, can companies rely on the Privacy Shield Framework to receive personal data from the United Kingdom? This question has been answered on the Department of Commerce new website page, entitled Privacy Shield and the UK FAQs. The website outlines the steps that Privacy Shield participants must take to continue to receive UK personal data after Brexit.
Designed by the United States’ Department of Commerce and the European Commission, the Privacy Shield is one of several mechanisms in which personal data can be sent and shared between entities in the EU and the United States. The Privacy Shield framework thereby protects the fundamental digital rights of individuals who are in European Union, whilst encouraging transatlantic commerce. But when the United Kingdom leaves the European Union, what happens to data transfers in and out of the United Kingdom?
In summary, in order to continue to receive personal data from the UK in reliance on the Privacy Shield, the Commerce Department suggests that organisations update their Privacy Shield commitments before one of two “applicable dates”.
The “applicable date” will be either 31 December 2020 in the case of a “Transition Period” scenario, or 29 March 2019 in the case of a “No Transition Period” scenario, which is also known as “No Deal Brexit”. Failure to take these steps will result in an organisation being unable to rely on the Privacy Shield to receive personal data from the UK after the applicable date.
In its guidance on international transfers in the event of a No Deal Brexit, the Information Commissioner’s Office (ICO) confirmed that UK businesses will continue to be able to transfer personal data to US companies participating in the US Privacy Shield. However, those US organisations must update their public commitment to comply with the Privacy Shield and expressly state that those commitments apply to transfers of personal data from the UK.
If you have any questions on data protection issues impacting UK, European or American companies, please contact Jose Saras or Kelsey Farish.
You may also be interested in reading our previous update on the Privacy Shield, European Union and American officials launch review of Privacy Shield.