As the information age grows, companies are beginning to capitalize on the collection of consumer and employee data. However, in the post-Edward Snowden era businesses and governments must also have respect for individual privacy. Compliance with privacy laws has become a prerequisite for U.S. companies seeking to expand operations into the European Union. Companies in the U.S. must recognize that much of the data they collect on customers and employees is protected by E.U. privacy laws which restrict the free transfer of this information. Recently, the E.U. and U.S. have agreed to a new framework called the E.U.-U.S. Privacy Shield which will regulate the flow of customer and employee data from the E.U. to the U.S.
This framework establishes privacy requirements for businesses and governments and is designed to protect the privacy of E.U. citizens. According to a recent press release from the European Commission, the framework will “provide stronger obligations on companies in the U.S. to protect the personal data of Europeans.” For example, companies importing data from the E.U. must make a published commitment to protecting individuals’ rights. These commitments are binding on the company and the U.S. Department of Commerce is charged with monitoring and enforcing them. This framework makes clear that companies must have policies designed to protect employee and customer data. For more information see this recent article from the New York Times:
By: Charles Hammond