Submission for OMB Review; Comment Request
| Published date | 11 March 2020 |
| Citation | 85 FR 14184 |
| Record Number | 2020-04935 |
| Section | Notices |
| Court | Commerce Department,International Trade Administration |
Federal Register, Volume 85 Issue 48 (Wednesday, March 11, 2020)
[Federal Register Volume 85, Number 48 (Wednesday, March 11, 2020)]
[Notices]
[Pages 14184-14185]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2020-04935]
=======================================================================
-----------------------------------------------------------------------
DEPARTMENT OF COMMERCE
International Trade Administration
Submission for OMB Review; Comment Request
The Department of Commerce will submit to the Office of Management
and Budget (OMB) for clearance the following proposal for collection of
information under the provisions of the Paperwork Reduction Act (44
U.S.C. Chapter 35).
Agency: International Trade Administration (ITA).
Title: Renewal of Information Collection for Self-Certification to
the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks.
OMB Control Number: 0625-0276.
Form Number(s): None.
Type of Request: Regular submission.
Number of Respondents: 5,100.
Average Hours per Response: 40 minutes.
Burden Hours: 3,412.
Needs and Uses: The United States, the European Union (EU), and
Switzerland share the goal of enhancing privacy protection for their
citizens but take different approaches to doing so. Given those
differences, the Department of Commerce (DOC) developed the EU-U.S. and
Swiss-U.S. Privacy Shield Frameworks (Privacy Shield) in consultation
with the European Commission, the Swiss Administration, industry, and
other stakeholders. Privacy Shield provides U.S. organizations a
reliable mechanism for personal data transfers to the United States
from the EU and Switzerland, while ensuring data protection that is
consistent with EU and Swiss law.
The European Commission and Swiss Administration deemed the EU-U.S.
Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework
adequate to enable data transfers under EU and Swiss law, respectively,
on July 12, 2016 and on January 12, 2017. The DOC began accepting self-
certification submissions for the EU-U.S. Privacy Shield on August 1,
2016, and for the Swiss-U.S. Privacy Shield on April 12, 2017. More
information on the Privacy Shield is available at: https://www.privacyshield.gov/welcome.
The DOC issued the Privacy Shield Principles under its statutory
authority to foster, promote, and develop international commerce (15
U.S.C. 1512). The International Trade Administration (ITA) administers
and supervises the Privacy Shield, including maintaining and making
publicly available an authoritative list of U.S. organizations that
have self-certified to the DOC. U.S. organizations submit information
to ITA to self-certify their compliance with Privacy Shield.
U.S. organizations considering self-certifying to the Privacy
Shield should review the Privacy Shield Framework. In summary, to
participate, an organization must (a) be subject to the investigatory
and enforcement powers of the Federal Trade Commission, the Department
of Transportation, or another statutory body that will effectively
ensure compliance with the
[[Page 14185]]
Principles; (b) publicly declare its commitment to comply with the
Principles; (c) publicly disclose its privacy policies in line with the
Principles; and (d) fully implement them.
Self-certification is voluntary; however, an organization's failure
to comply with the Principles after its self-certification is
enforceable under Section 5 of the Federal Trade Commission Act
prohibiting unfair and deceptive acts in or affecting commerce (15
U.S.C. 45(a)) or other laws or regulations prohibiting such acts.
To rely on the Privacy Shield for transfers of personal data from
the EU and/or Switzerland, an organization must self-certify its
adherence to the Principles to the DOC, be placed on the Privacy Shield
List, and remain on the Privacy Shield List. To self-certify for the
Privacy Shield, an organization must provide to the DOC the information
specified in the Privacy Shield Principles via the self-certification
form.
ITA has committed to follow up with organizations that have been
removed from the Privacy Shield List. ITA sends questionnaires to
organizations that fail to complete the annual certification or that
have withdrawn from the Privacy Shield to verify whether they will
return, delete, or continue to apply the Principles to the personal
information that they received while they participated in the Privacy
Shield. If personal information will be retained, ITA asks
organizations to verify who within the organization will serve as an
ongoing point of contact for Privacy Shield-related questions.
In addition, ITA has committed to conduct compliance reviews on an
ongoing basis, including through sending detailed questionnaires to
participating organizations. Such compliance reviews take place when:
(a) The DOC receives specific non-frivolous complaints about an
organization's compliance with the Principles, (b) an organization does
not respond satisfactorily to DOC inquiries for information relating to
the Privacy Shield, or (c) there is credible evidence that an
organization does not comply with its commitments under the Privacy
Shield.
Affected Public: Primarily businesses or other for-profit
organizations.
Frequency: Annual and periodic.
Respondent's Obligation: Voluntary.
This information collection request may be viewed at
www.reginfo.gov. Follow the instructions to view the Department of
Commerce collections currently under review by OMB.
Written comments and recommendations for the proposed information
collection should be sent within 30 days of publication of this notice
to OIRA [email protected] or fax to (202) 975-5806.
Sheleen Dumas,
Department PRA Clearance Officer, Office of the Chief Information
Officer, Commerce Department.
[FR Doc. 2020-04935 Filed 3-10-20; 8:45 am]
BILLING CODE 3510-DS-P
