This month, the Privacy Shield Program posted answers to Frequently Asked Questions. The Privacy Shield provides a mechanism to comply with data protection requirements when transferring personal data from the European Union to the United States in support of transatlantic commerce.
The general guidance addresses topics such as the continued status of the Privacy Shield as a data transfer mechanism under the EU’s General Data Protection Regulation, the Privacy Shield’s relationship to the Clarifying Lawful Overseas Use of Data Act (CLOUD Act), the requirement to include the main website URL in an organization’s privacy policy, and additional information regarding Privacy Shield certification. Additionally, the guidance includes frequently asked questions specific to the Swiss-U.S. Privacy Shield, privacy policies, the Accountability for Onward Transfer Principle, and processors.