Here’s What U.S. Companies With EU Employees and Customers Need To Do
U.S. companies that want to legally process the personal information of employees and customers in the EU can, from Monday, finally sign up to a new scheme to allow them to do so. And they probably should.
The U.S. and the EU last month finalized their Privacy Shield agreement, which provides a legal basis for personal data exports across the Atlantic. Without it, many companies handling EU citizens’ information could be breaking the law in Europe.
The previous such pact, known as Safe Harbor, was struck down by the EU’s highest court last year—and if Safe Harbor is still the basis for your operations, you could get fined like Adobe (ADBE) and Unilever (UL) were in June.
The other alternatives are more complex mechanisms called binding corporate rules and model clauses, which can take a long time to set up and aren’t suitable for all businesses. That’s why there was such panic after Safe Harbor got struck down, and such relief when Privacy Shield appeared.
The long-term outlook for Privacy Shield is uncertain. Many legal experts say it has the same fundamental flaws that Safe Harbor had—most importantly, that it doesn’t stop the personal data of EU citizens being recorded in bulk by U.S. intelligence services.
The EU’s privacy regulators don’t think the deal provides enough protection for Europeans’ fundamental rights, but they have decided to give Privacy Shield a chance for the next year at least—the agreement includes an annual review mechanism to see whether it is working or not.
That will not stop people trying to challenge the deal in court. Max Schrems, the privacy advocate who brought down Safe Harbor, thinks Privacy Shield is doomed and businesses will therefore not bother to sign up.
But that said, if you don’t have binding corporate rules or model clauses set up, and you want to process the personal data of EU citizens without getting into trouble, you really should sign up to the Privacy Shield register to stay on the right side of the law.
That facility will be available from 9:00 a.m. EST on Monday. It essentially involves self-certifying that your organization adheres to the Privacy Shield principles, and there’s a relatively small fee for registration.