Google is the latest company to seek compliance with the Privacy Shield Framework developed jointly by the U.S. Department of Commerce and the European Commission.
“We are committed to applying the protections of the Privacy Shield to personal data transferred between Europe and the United States,” Caroline Atkinson, head of global public policy at Google, wrote in a blog post.
Microsoft and Salesforce have previously gotten certified under the program, which has been in force since July. The intent of the program is to ensure the privacy of users’ data as it moves across the Atlantic, in line with European Union data protection law.
In effect the Privacy Shield is the replacement for the Safe Harbor Agreement, which was ruled invalid by the European Court of Justice last year.
To meet the standards of the Privacy Shield, companies must ensure that their privacy policies assert their commitment to the Privacy Shield, link out to the Privacy Shield website and a site for lodging complaints, and communicate users’ rights to access their data, among other things. Following users’ complaints, companies certified under the program must respond to users in 45 days. The program also has rules about what happens when data is shared with third parties.