Beginning August 1, 2016, the United States Department of Commerce began accepting self-certifications to the EU-U.S. Privacy Shield from organizations looking to transfer personal data collected within the European Union to the United States. This article provides an overview of the Privacy Shield, its interplay with privacy issues companies face with compliance with the EFPIA Disclosure Code, provisions related to pharmaceutical and medical products (i.e., clinical data, adverse event reporting), and whether the Privacy Shield can survive.
For fifteen years, the U.S.-EU Safe Harbor Framework (the “Safe Harbor”) protected transfers of personal data from the European Union (“EU”) to the United States. In October of 2015, the Court of Justice of the European Union invalidated the Safe Harbor in Schrems v. Data Protection Commissioner. Although other unfavorable means to transfer personal data, such as model clauses and binding corporate rules, existed both before and after the Safe Harbor’s evisceration, it was clear that a new safe harbor was quickly needed. The Article 29 Working Party exacerbated the situation by giving a January 31, 2016 for a solution to be found.
Read the full article in the January 2017 issue of Life Science Compliance Update.