Cross-border data transfer affects all organizations that engage online IT services, cloud-based services, remote access services and global HR databases.
There are no limitations on the transfer of personal information outside of the United States, except that the employer should always maintain reasonable data security standards. The United States has no data localization laws.
EU-U.S. - PRIVACY SHIELD
The EU-U.S. and Swiss-U.S. Privacy Shield Frameworks were designed by the U.S. Department of Commerce, and the European Commission and Swiss Administration, respectively, to provide companies on both sides of the Atlantic with a mechanism to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States.
The Privacy Shield program, which is administered by the International Trade Administration (ITA) within the U.S. Department of Commerce, enables U.S.-based organizations to join one or both of the Privacy Shield Frameworks in order to benefit from the adequacy determinations. Privacy Shield imposes stronger obligations on U.S. companies to protect Europeans’ personal data. It reflects the requirements of the European Court of Justice, which ruled the previous Safe Harbor framework invalid.
The Privacy Shield Framework is voluntary, once an eligible organization makes the public commitment to comply with the Framework’s requirements, the commitment will become enforceable under U.S. law.
HR Best Practices: If your North American organization has part of its workforce in Europe and you need to rely on cross-border data transfer mechanisms, check one of our European “Cross-border Data Transfer” topics.
