In his article for the American Institute for Contemporary German Studies, Morgan Lewis of counsel Axel Spies discusses some of the initial response to the self-certification process for US organizations to participate in the EU-US Privacy Shield Framework (Privacy Shield), which the National Telecommunications & Information Administration (NTIA) launched on August 1.
Axel notes that US organizations appear to be taking a conservative approach toward the Privacy Shield self-certification process because of various concerns, such as whether the Privacy Shield will be challenged in European courts, the lack of guidance from the NTIA and the Federal Trade Commission (FTC), the internal compliance requirements, potential future scrutiny of self-certification by both EU and US governmental bodies, and uncertainty as to which organizations may participate in the Privacy Shield.
In addition, the article covers some of the principles of the Privacy Shield that US organizations may find challenging to put into practice, such as Principle 4 (Data Integrity and Purpose Limitation) and Principle 5 (Onward Transfer).