Privacy Shield Grace Period is Ending, Are you Ready?

March 20, 2017

Soon companies that self-certified with the Department of Commerce (DOC) last fall before the September 30, 2016 deadline will have the 9 month “grace period” come to a close. The grace period was given to these companies so that they could ensure that all of their third party vendors met the Accountability for Onward Transfer principle. The grace period ends soon, meaning that the deadline is fast approaching. The Privacy Shield  Accountability for Onward Transfer principle, Section II, 3.b., states: To transfer personal data to a third party acting as an agent, organizations must: (i) transfer such data only for limited and specified … Continue reading Privacy Shield Grace Period is Ending, Are you Ready?

5 Benefits of APEC CBPR Certification You Should Know About

March 13, 2017

1) Jurisdiction-Specific Transfer Benefits: In Japan, companies that have a CBPR certification do not have to obtain consent to transfer data to another country, which is otherwise required under Japanese law. 2) Facilitation of APEC-European Interoperability: An APEC CBPR certification may make it easier for an organization to obtain approval of their Binding Corporate Rules in the European Union. Since 2013, APEC member Economies and EU officials have been collaborating to promote interoperability between the two regional transfer mechanisms. 3) Alignment with Global Frameworks: An APEC CBPR certification is based on many of the same principles that inform the OECD … Continue reading 5 Benefits of APEC CBPR Certification You Should Know About

Play Store Requires Privacy Policies

February 28, 2017

Google recently informed some developers with apps on its storefront that it will be penalizing apps on its Google Play Store that do not have privacy policies adhering to its User Data Policy. According to Next Web, Google emailed a notice to developers stating that violations of the User Data Policy would result in their apps’ visibility being limited or removed altogether. The User Policy states: You must be transparent in how you handle user data (e.g., information provided by a user, collected about a user, and collected about a user’s use of the app or device), including by disclosing … Continue reading Play Store Requires Privacy Policies

Swiss-US Privacy Shield Replaces U.S.-Swiss Safe Harbor

February 24, 2017

Last month the United States Department of Commerce and Switzerland’s Federal Council declared that the new Swiss-US Privacy Shield Framework will be the successor to the Swiss-US Safe Harbor framework. The Swiss-US Safe Harbor framework was declared invalid in October 2015 following the European Union Court of Justice’s decision that the EU-US Safe Harbor was an inadequate legal mechanism for personal data transfers to the US. Since then, officials have drafted the new framework to ensure that the Swiss-US Privacy Shield Framework improves upon the U.S.- Swiss Safe Harbor framework by including stricter data protection principles. These include enhanced requirements … Continue reading Swiss-US Privacy Shield Replaces U.S.-Swiss Safe Harbor

Argentina GDPR-like Data Privacy Bill

February 21, 2017

As previously described in our blog post “Doing Business with Argentina Just got Easier“, change appears afoot in the land of silver’s data protection law, in order to keep pace with evolving digital technologies and global regulatory regimes. Whereas in December 2016 the Argentine Data Protection Agency (DPA) issued a report proposing changes to the national Data Protection Act (Act) after nearly a year of public consultation, this month the DPA released a draft bill to update the sixteen-year-old Act in line with many of the European Union’s General Data Protection Regulation (GDPR)’s new requirements taking effect in May 2018. … Continue reading Argentina GDPR-like Data Privacy Bill

How to Get Started with GDPR Planning

February 16, 2017

Eleanor Treharne-Jones, VP Consulting at TRUSTe will be joining Lewis Barr, General Counsel and VP, Privacy, at Janrain for the first installment of a General Data Protection Regulation (GDPR) webinar series. Lewis and Eleanor will discuss: How personal data of EU citizens can be managed and processed under this new regulation. How it applies to all organizations that offer goods or services to EU residents or monitor their behaviour in the EU regardless of location. How, if found noncompliant, your organization could face penalties as high as 4% of your global revenue. What practical steps to take to prepare for GDPR. … Continue reading How to Get Started with GDPR Planning