VeraSafe Privacy Shield Independent Recourse Mechanism 2020 Annual Report

Today, VeraSafe has published its fourth annual report under the VeraSafe Privacy Shield Dispute Resolution Program (the “Report”). As an official Independent Recourse Mechanism (“IRM”) for the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks (“Privacy Shield”), VeraSafe publishes a report each year describing our dispute resolution activities and the state of our IRM and Privacy Shield Compliance Verification programs. The full Report is available here: VeraSafe Privacy Shield IRM Annual Report 2020

Until recently, the Privacy Shield was one of the most popular mechanisms relied on by U.S. organizations to lawfully receive personal data from the European Economic Area (“EEA”) and Switzerland. VeraSafe offers a first-class IRM program in both standalone formats and as part of the VeraSafe Privacy Program, our compliance verification service offering. The VeraSafe Privacy Shield Dispute Resolution Program allows participating organizations to meet their obligation under the Privacy Shield to provide independent dispute resolution services to data subjects via an IRM. Moreover, it creates a professional and amicable forum for data subjects to resolve their privacy complaints through mediation.

The Court of Justice of the European Union recently invalidated the EU-U.S. Privacy Shield Framework as a cross-border data transfer mechanism for exporting personal data from the European Union to the United States in its July 16, 2020 ruling in the Schrems II case. However, the Swiss-U.S. Privacy Shield Framework remains a valid data transfer mechanism for transfers from Switzerland to the United States. In addition, the U.S. Department of Commerce has stated that it will continue to administer the Privacy Shield Program, including through processing applications for self-certification and recertification under the Frameworks. Organizations enrolled in the Privacy Shield Frameworks must continue to comply with the Privacy Shield Principles, and VeraSafe will continue to operate the VeraSafe Dispute Resolution Program and Privacy Program.

The Report confirms the success of the overarching VeraSafe Privacy Program in ensuring that participating organizations protect personal data and safeguard the fundamental rights and freedoms of their data subjects. There have been no qualified Privacy Shield-related complaints during the reporting period. This comes as no surprise, as the participants of the VeraSafe Privacy Program benefit from advisory and audit services that go well beyond the minimum requirements of the Privacy Shield Frameworks. In addition to the Privacy Shield Principles, our holistic approach to privacy and data protection draws heavily on the requirements of the EU General Data Protection Regulation (“GDPR”), the NIST Cybersecurity Framework, and the perspectives of European data protection regulators. As a result, the VeraSafe Privacy Program has become a recognized privacy certification standard in its own right.

The Report notes an increase in organizations falsely claiming to be a member of VeraSafe’s Privacy Shield Dispute Resolution Program within their privacy notices. In each case, VeraSafe has taken action to stop the false claims and attempted to ensure that the false claims are promptly removed. 

For more information or to enroll in the VeraSafe Privacy Shield Dispute Resolution Program, please visit: 

Contact VeraSafe to discuss your data security management and privacy program today.