Action Required: Privacy Shield Participants Must Update Privacy Policies for Brexit

With the deadline for a no-deal Brexit looming—the UK’s exit date from the European Union is now slated for April 12—companies certified to the EU-U.S. Privacy Shield should update their Privacy Shield privacy policies if they have not done so already to ensure that they are able to lawfully receive personal data from the UK post-Brexit. The UK Information Commissioner’s Office (ICO) clarified this past December that existing EU adequacy decisions, including the Privacy Shield framework, would remain lawful mechanisms to export personal data outside of the UK. Since then, the U.S. Department of Commerce (DOC) has published Privacy Shield and the UK FAQs, which clarify that organizations certified to Privacy Shield will not only need to maintain their current Privacy Shield certification (including annual recertification) but also add to their public Privacy Shield commitment a separate reference to treat UK-based data transfers as subject to their…

Read more detail on Recent Technology posts –

This entry was posted in Technology & Cyberlaw and tagged , , , , , , , , . Bookmark the permalink.

Leave a Reply