[Federal Register Volume 84, Number 247 (Thursday, December 26, 2019)]
[Notices]
[Pages 70942-70943]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2019-27736]


-----------------------------------------------------------------------

DEPARTMENT OF COMMERCE

International Trade Administration


Renewal of Information Collection; Comment Request; Information 
Collection for Self-Certification to the EU-U.S. and Swiss-U.S. Privacy 
Shield Frameworks

AGENCY: International Trade Administration, Department of Commerce.

ACTION: Notice.

-----------------------------------------------------------------------

SUMMARY: The Department of Commerce, as part of its continuing effort 
to reduce paperwork and respondent burden, invites the general public 
and other Federal agencies to take this opportunity to comment on 
proposed and/or continuing information collections, as required by the 
Paperwork Reduction Act of 1995.

DATES: Written comments must be submitted on or before February 24, 
2020.

ADDRESSES: Direct all written comments to Towanda Carey, ITA Paperwork 
Clearance Officer, Department of Commerce, OCFAO, 14th and Constitution 
Avenue NW, Washington, DC 20230 (or via the internet at 
[email protected]). Comments will generally be posted without change. 
Please do not include information of a confidential nature, such as 
sensitive personal information or proprietary information. All 
Personally Identifiable Information (for example, name and address) 
voluntarily submitted may be publicly accessible.

FOR FURTHER INFORMATION CONTACT: Requests for additional information or 
copies of the information collection instrument and instructions should 
be directed to David Ritchie, Department of Commerce, International 
Trade Administration, via email at [email protected], or tel. 
202-482-1512.

SUPPLEMENTARY INFORMATION:

I. Abstract

    The United States, the European Union (EU), and Switzerland share 
the goal of enhancing privacy protection for their citizens but take 
different approaches to doing so. Given those differences, the 
Department of Commerce (DOC) developed the EU-U.S. and Swiss-U.S. 
Privacy Shield Frameworks (Privacy Shield) in consultation with the 
European Commission, the Swiss Administration, industry, and other 
stakeholders. Privacy Shield provides U.S. organizations a reliable 
mechanism for personal data transfers to the United States from the EU 
and Switzerland, while ensuring data protection that is consistent with 
EU and Swiss law.
    The European Commission and Swiss Administration deemed the EU-U.S. 
Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework 
adequate to enable data transfers under EU and Swiss law, respectively, 
on July 12, 2016 and on January 12, 2017. The DOC began accepting self-
certification submissions for the EU-U.S. Privacy Shield on August 1, 
2016, and for the Swiss-U.S. Privacy Shield on April 12, 2017. More 
information on the Privacy Shield is available at: 
https://www.privacyshield.gov/welcome.
    The DOC issued the Privacy Shield Principles under its statutory 
authority to foster, promote, and develop international commerce (15 
U.S.C. 1512). The International Trade Administration (ITA) administers 
and supervises the Privacy Shield, including maintaining and making 
publicly available an authoritative list of U.S. organizations that 
have self-certified to the DOC. U.S. organizations submit information 
to ITA to self-certify their compliance with Privacy Shield.
    U.S. organizations considering self-certifying to the Privacy 
Shield should review the Privacy Shield Framework. In summary, to 
participate, an organization must (a) be subject to the investigatory 
and enforcement powers of the Federal Trade Commission, the Department 
of Transportation, or another statutory body that will effectively 
ensure compliance with the Principles; (b) publicly declare its 
commitment to comply with the Principles; (c) publicly disclose its 
privacy policies in line with the Principles; and (d) fully implement 
them.
    Self-certification is voluntary; however, an organization's failure 
to comply with the Principles after its self-certification is 
enforceable under Section 5 of the Federal Trade Commission Act 
prohibiting unfair and deceptive acts in or affecting commerce (15 
U.S.C. 45(a)) or other laws or regulations prohibiting such acts.
    To rely on the Privacy Shield for transfers of personal data from 
the EU and/or Switzerland, an organization must self-certify its 
adherence to the Principles to the DOC, be placed on the Privacy Shield 
List, and remain on the Privacy Shield List. To self-certify for the 
Privacy Shield, an organization must provide to the DOC the information 
specified in the Privacy Shield Principles via the self-certification 
form.
    ITA has committed to follow up with organizations that have been 
removed from the Privacy Shield List. ITA sends questionnaires to 
organizations that fail to complete the annual certification or that 
have withdrawn from the Privacy Shield to verify whether they will 
return, delete, or continue to apply the Principles to the personal 
information that they received while they participated in the Privacy 
Shield. If personal information will be retained, ITA asks 
organizations to verify who within the organization will serve as an 
ongoing point of contact for Privacy Shield-related questions.
    In addition, ITA has committed to conduct compliance reviews on an 
ongoing basis, including through sending detailed questionnaires to 
participating organizations. Such compliance reviews take place when: 
(a) The DOC receives specific non-frivolous complaints about an 
organization's compliance with the Principles, (b) an organization does 
not respond satisfactorily to DOC inquiries for information relating to 
the Privacy Shield, or (c) there is credible evidence that an 
organization does not comply with its commitments under the Privacy 
Shield.

II. Method of Collection

    The Privacy Shield self-certification is submitted electronically 
by organizations through the DOC's Privacy Shield website 
(https://www.privacyshield.gov/). The Privacy Shield questionnaires and 
the corresponding responses provided by organizations are conveyed 
electronically via email or through the DOC's Privacy Shield website.

III. Data

    OMB Control Number: 0625-0276.
    Form Number(s): None.
    Type of Review: Regular submission.
    Affected Public: Primarily businesses or other for-profit 
organizations.
    Estimated Number of Respondents: 5,100.
    Estimated Time per Response: 40 minutes.
    Estimated Total Annual Burden Hours: 3,412.
    Estimated Total Annual Cost to Public: $7,173,250.

IV. Request for Comments

    Comments are invited on: (a) Whether the proposed collection of 
information is necessary for the proper performance of the functions of 
the agency, including whether the information shall have practical 
utility; (b) the accuracy of the agency's estimate of the burden 
(including hours and cost) of the proposed collection of information; 
(c) ways to enhance the quality, utility, and clarity of the 
information to be collected; and (d) ways to minimize the burden of the 
collection of information on respondents, including through the use of 
automated collection techniques or other forms of information 
technology.
    Comments submitted in response to this notice will be summarized 
and/or included in the request for OMB approval of this information 
collection; they also will become a matter of public record.

Sheleen Dumas,
Department PRA Clearance Officer, Office of the Chief Information 
Officer, Commerce Department.
[FR Doc. 2019-27736 Filed 12-23-19; 8:45 am]
 BILLING CODE 3510-DS-P