If you are a resident of the European Union and a customer of ours, chances are you have been watching (or at least are aware of) the situation regarding data transfer policy between the EU and the US.
On October 6, 2015, the Court of Justice of the European Union (the “CJEU”) invalidated the European Commission’s Decision on the EU-US Safe Harbor arrangement, determining that the Commission’s finding that Safe Harbor was adequate was, in fact, inadequate. More on this decision may be found here.
On February 2, the US and the EU reached an agreement in principle to construct a framework to replace Safe Harbor and to reconcile differences between the laws of both governments. That framework has been named the EU-US Privacy Shield. In response to the agreement, the US Department of Commerce released a fact sheet, which we are making available as a pdf, here.
As the new framework promises to have farther reaching implications for how personally identifiable data is handled by third parties, we have contacted both of our current payment processors (Stripe and PayPal) for their comments. While we are still awaiting comment from PayPal, Stripe has responded that they, too, are monitoring the situation, but have not yet made any changes to their policies or procedures, pending more concrete guidance.
More information and commentary on the EU-US Privacy Shield may be found on these sites:
Digital Media, Technology & Privacy Alert >> Agreement on EU-U.S. Privacy Shield to Replace Safe Harbor Faces Hurdles, Kibel, Gary A, Partner (Digital Media, Technology & Privacy), Davis & Gilbert, LLP, February 4, 2016.
Article 29 Working Party Reacts to the U.S.-EU Privacy Shield Agreement, Tielemans, Jetty and Steinhardt, Ezra (Data Privacy and Cybersecurity group), Covington & Burling LLP, February 2, 2016.