Privacy Shield Released – How Employers Can Take Advantage of the New European Data Transfer Framework

The EU Data Protection Directive 95/46/EC (the “Directive”) creates the legal framework for national data-protection laws in each EU member state.



Extract from article from Bryan Cave

Privacy Policy Requirements

In order to rely on the Privacy Shield, employers who handle an EU individual’s personal data must make the following updates to their publicly-available privacy policies:

1. Include a statement of the employer’s participation in the Privacy Shield framework.
2. Provide a hyperlink to the Privacy Shield List.
3. Include a statement of the individual’s right to access his or her personal data.
4. Include a statement that the employer may be responsible for disclosures of information to third parties acting on its behalf.
5. Identify the independent dispute resolution body that is available to investigate and resolve complaints from individuals. Examples of independent resolution bodies include alternative dispute resolution providers based in the U.S. or EU or a dispute resolution panel established by the EU data protection authorities.
6. Provide a hyperlink to the complaint submission form for the independent dispute resolution body.
7. Include a statement that the employer is subject to the authority of relevant regulatory bodies and that it may be required to disclose personal information in response to lawful requests made by regulators or law enforcement.

ComplexDiscovery combines original industry research with curated expert articles to create an informational resource that helps legal, business, and information technology professionals better understand the business and practice of data discovery and legal discovery.

All contributions are invested to support the development and distribution of ComplexDiscovery content. Contributors can make as many article contributions as they like, but will not be asked to register and pay until their contribution reaches $5.