Steve Wood, Interim Deputy Commissioner at the Information Commissioners Office (ICO) has written a very informative blog entry about the ‘What, Why and How of transferring data to the US’, following the ruling of the Court of Justice of the European Union that the Safe Harbor scheme did not provide adequate protection.
He also mentions the EU-US Privacy Shield scheme which came into force on 1st August 2016, however looking at the associated links of US companies registered with the Shield, it appears that there are few showing on the list – hopefully this will change over time. Many US companies are obviously looking at registering on the new scheme, but for UK entities there is now a greater need to review their position in relation to transfers of personal data to the US.
As advised by the ICO, doing nothing is not an option.
So, there is obviously a need to review privacy notices and ensure compliance with UK law – consent should be voluntary.
The ICO Blog is here.
The EU-US Privacy Shield list of US Companies is here