[Federal Register Volume 81, Number 141 (Friday, July 22, 2016)]
[Notices]
[Pages 47752-47754]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2016-17508]
=======================================================================
-----------------------------------------------------------------------
DEPARTMENT OF COMMERCE
International Trade Administration
[Docket No.: 160713610-6610-01]
RIN 0625-XC020
Cost Recovery Fee Schedule for the EU-U.S. Privacy Shield
Framework
AGENCY: International Trade Administration, U.S. Department of
Commerce.
ACTION: Notice of implementation of a cost recovery program fee with
request for comments.
-----------------------------------------------------------------------
SUMMARY: Consistent with the guidelines in OMB Circular A-25, the U.S.
Department of Commerce's International Trade Administration (ITA) is
implementing a cost recovery program fee to support the operation of
the EU-U.S. Privacy Shield Framework (Privacy Shield), which will
require that U.S. organizations pay an annual fee to ITA in order to
participate in the Privacy Shield. The cost recovery program will
support the administration and supervision of the Privacy Shield
program and support the provision of
[[Page 47753]]
Privacy Shield-related services, including education and outreach. The
Privacy Shield fee schedule will become effective on August 1, 2016,
when ITA will begin accepting self-certifications. ITA also is
providing the public with the opportunity to comment on the fee
schedule. ITA will reassess the fee schedule after the first year of
implementation and, in accordance with OMB Circular A-25, at least
every two years thereafter.
DATES: This fee schedule is effective August 1, 2016. Comments must be
received by August 22, 2016.
ADDRESSES: You may submit comments by either of the following methods:
Federal eRulemaking Portal: www.Regulations.gov. The
identification number is ITA-2016-0007.
Postal Mail/Commercial Delivery to Grace Harter,
Department of Commerce, International Trade Administration, Room 20001,
1401 Constitution Avenue NW., Washington, DC and reference ``Privacy
Shield Fee Structure, ITA-2016-0007'' in the subject line.
Instructions: You must submit comments by one of the above methods
to ensure that we receive the comments and consider them. Comments sent
by any other method, to any other address or individual, or received
after the end of the comment period, may not be considered. All
comments received are a part of the public record and will generally be
posted to http://www.regulations.gov without change. All Personal
Identifying Information (for example, name, address, etc.) voluntarily
submitted by the commenter may be publicly accessible. Do not submit
Confidential Business Information or otherwise sensitive or protected
information.
Commerce Department will accept anonymous comments (enter ``N/A''
in the required fields if you wish to remain anonymous). Attachments to
electronic comments will be accepted in Microsoft Word, Excel,
WordPerfect, or Adobe PDF file formats only. Supporting documents and
any comments we receive on this docket may be viewed at http://www.regulations.gov/ITA-2016-0002.
FOR FURTHER INFORMATION CONTACT: Requests for additional information
regarding the EU-U.S. Privacy Shield Framework should be directed to
David Ritchie or Grace Harter, Department of Commerce, International
Trade Administration, Room 20001, 1401 Constitution Avenue NW.,
Washington, DC, tel. 202-482-4936 or 202-482-1512 or via email at
[email protected]. Additional information on ITA fees is
available at trade.gov/fees.
SUPPLEMENTARY INFORMATION:
Background
Consistent with the guidelines in OMB Circular A-25 (https://www.whitehouse.gov/omb/circulars_a025), federal agencies are
responsible for implementing cost recovery program fees.
The role of ITA is to strengthen the competitiveness of U.S.
industry, promote trade and investment, and ensure fair trade through
the rigorous enforcement of our trade laws and agreements. ITA works to
promote privacy policy frameworks to facilitate the flow of data across
borders to support international trade.
The United States and the European Union (EU) share the goal of
enhancing privacy protection but take different approaches to
protecting personal data. Given those differences, the Department of
Commerce (DOC) developed the Privacy Shield in consultation with the
European Commission, as well as with industry and other stakeholders,
to provide organizations in the United States with a reliable mechanism
for personal data transfers to the United States from the European
Union while ensuring the protection of the data as required by EU law.
In July 2016, the European Commission approved the EU-U.S. Privacy
Shield Framework. The published Privacy Shield Principles are available
at: [insert link]. The DOC has issued the Privacy Shield Principles
under its statutory authority to foster, promote, and develop
international commerce (15 U.S.C. 1512). ITA will administer and
supervise the Privacy Shield, including by maintaining and making
publicly available an authoritative list of U.S. organizations that
have self-certified to the DOC. U.S. organizations submit information
to ITA to self-certify their compliance with Privacy Shield. ITA will
accept self-certification submissions beginning on August 1, 2016. At a
future date, ITA will publish for public notice and comment information
collections as described in the Privacy Shield Framework consistent
with the Paperwork Reduction Act.
U.S. organizations considering self-certifying to the Privacy
Shield should review the Privacy Shield Framework. In summary, in order
to enter the Privacy Shield, an organization must (a) be subject to the
investigatory and enforcement powers of the Federal Trade Commission
(FTC) or the Department of Transportation; (b) publicly declare its
commitment to comply with the Principles through self-certification to
the DOC; (c) publicly disclose its privacy policies in line with the
Principles; and (d) fully implement them.
Self-certification to the DOC is voluntary; however, an
organization's failure to comply with the Principles after its self-
certification is enforceable under Section 5 of the Federal Trade
Commission Act prohibiting unfair and deceptive acts in or affecting
commerce (15 U.S.C. 45(a)) or other laws or regulations prohibiting
such acts.
ITA is implementing a cost recovery program to support the
operation of the Privacy Shield, which will require U.S. organizations
to pay an annual fee to ITA in order to participate in the program. The
cost recovery program will support the administration and supervision
of the Privacy Shield program and support the provision of Privacy
Shield-related services, including education and outreach. The fee a
given organization will be charged will be based on the organization's
annual revenue:
Fee Schedule:
EU-U.S. Privacy Shield Framework Cost Recovery Program
------------------------------------------------------------------------
Organization's annual revenue Annual fee
------------------------------------------------------------------------
$0 to $5 million........................................ $250
Over $5 million to $25 million.......................... 650
Over $25 million to $500 million........................ 1,000
Over $500 million to $5 billion......................... 2,500
Over $5 billion......................................... 3,250
------------------------------------------------------------------------
Organizations will have additional direct costs associated with
participating in the Privacy Shield. For example, Privacy Shield
organizations must provide a readily available independent recourse
mechanism to hear individual complaints at no cost to the individual.
Furthermore, organizations will be required to pay contributions in
connection with the arbitral model, as described in Annex I to the
Principles.
Method for Determining Fees
ITA collects, retains, and expends user fees pursuant to delegated
authority under the Mutual Educational and Cultural Exchange Act as
authorized in its annual appropriations acts.
The EU-U.S. Privacy Shield Framework was developed to provide
organizations in the United States with a reliable mechanism for
personal data transfers that underpin the trade and investment
relationship between the United States and the EU.
[[Page 47754]]
Fees are set taking into account the operational costs borne by ITA
to administer and supervise the Privacy Shield program. The Privacy
Shield program will require a significant commitment of resources and
staff. The Privacy Shield Framework includes commitments from ITA to:
Maintain a Privacy Shield Web site;
verify self-certification requirements submitted by
organizations to participate in the program;
expand efforts to follow up with organizations that have
been removed from the Privacy Shield List;
search for and address false claims of participation;
conduct periodic compliance reviews and assessments of the
program;
provide information regarding the program to targeted
audiences;
increase cooperation with EU data protection authorities;
facilitate resolution of complaints about non-compliance;
hold annual meetings with the European Commission and
other authorities to review the program, and
provide an update of laws relevant to Privacy Shield.
In setting the Privacy Shield fee schedule, ITA determined that the
services provided offer special benefits to an identifiable recipient
beyond those that accrue to the general public. ITA calculated the
actual cost of providing its services in order to provide a basis for
setting each fee. Actual cost incorporates direct and indirect costs,
including operations and maintenance, overhead, and charges for the use
of capital facilities. ITA also took into account additional factors,
including adequacy of cost recovery, affordability, and costs
associated with alternative options available to U.S. organizations for
the receipt of personal data from the EU.
ITA is establishing a 5-tiered fee schedule that will promote the
participation of small organizations in Privacy Shield. A multiple-
tiered fee schedule allows ITA to offer the organizations with lower
revenue a lower fee. In setting the 5 tiers, ITA considered, in
conjunction with the factors mentioned above: (1) The Small Business
Administration's guidance on identifying SMEs in various industries
most likely to participate in the Privacy Shield, such as computer
services, software and information services; (2) the likelihood that
small companies would be expected to receive less personal data and
thereby use fewer government resources; and (3) the likelihood that
companies with higher revenue would have more customers whose data they
process, which would use more government resources dedicated to
administering and overseeing Privacy Shield. For example, if a company
holds more data it could reasonably produce more questions and
complaints from consumers and the European Union's Data Protection
Authorities (DPAs). ITA has committed to facilitating the resolution of
individual complaints and to communicating with the FTC and the DPAs
regarding consumer complaints. Lastly, the fee increases between the
tiers are based in part on projected program costs and estimated
participation levels among companies within each tier.
Conclusion
Based on the information provided above, ITA believes that its
Privacy Shield cost recovery fee schedule is consistent with the
objective of OMB Circular A-25 to ``promote efficient allocation of the
nation's resources by establishing charges for special benefits
provided to the recipient that are at least as great as the cost to the
U.S. Government of providing the special benefits . . .'' OMB Circular
A-25(5)(b). ITA is providing the public with the opportunity to comment
on the fee schedule, and it will consider these comments when it
reassesses the fee schedule. ITA will reassess the fee schedule after
the first year of implementation and, in accordance with OMB Circular
A-25, at least every two years thereafter.
Dated: July 20, 2016.
Edward M. Dean,
Deputy Assistant Secretary for Services, International Trade
Administration, U.S. Department of Commerce.
[FR Doc. 2016-17508 Filed 7-21-16; 8:45 am]
BILLING CODE 3510-DR-P