[Federal Register Volume 85, Number 227 (Tuesday, November 24, 2020)]
[Notices]
[Pages 74981-74983]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2020-25974]


-----------------------------------------------------------------------

DEPARTMENT OF COMMERCE

International Trade Administration


Agency Information Collection Activities; Submission to the 
Office of Management and Budget (OMB) for Review and Approval; Renewal 
of Information Collection; Comment Request; EU-U.S. Privacy Shield; 
Invitation for Applications for Inclusion on the List of Arbitrators

AGENCY: International Trade Administration, U.S. Department of 
Commerce.

ACTION: Notice of Information Collection, request for comment.

-----------------------------------------------------------------------

SUMMARY: The Department of Commerce, in accordance with the Paperwork 
Reduction Act of 1995 (PRA), invites the general public and other 
Federal agencies to comment on proposed, and continuing information 
collections, which helps us assess the impact of our information 
collection requirements and minimize the public's reporting burden. The 
purpose of this notice is to allow for 60 days of public comment 
preceding submission of the collection to OMB.

DATES: To ensure consideration, comments regarding this proposed 
information collection must be received on or before January 25, 2021.

ADDRESSES: Interested persons are invited to submit written comments by 
email to Towanda Carey, ITA Paperwork Clearance Officer, Department of 
Commerce, International Trade Administration at [email protected]. 
Please reference OMB Control Number 0625-0277 in the subject line of 
your comments. Do not submit Confidential Business Information or 
otherwise sensitive or protected information.

FOR FURTHER INFORMATION CONTACT: Requests for additional information or 
specific questions related to collection activities should be directed 
to David Ritchie, Senior Policy Advisor, Department of Commerce, 
International Trade Administration via email at 
[email protected], or tel. 202-482-1512. More information on the 
arbitration mechanism may be found at https://www.privacyshield.gov/article?id=ANNEX-I-introduction.

SUPPLEMENTARY INFORMATION: 

I. Abstract

    The EU-U.S. Privacy Shield Framework was designed by the U.S. 
Department of Commerce (the Department) and the European Commission 
(Commission) to provide companies on both sides of the Atlantic with a 
mechanism to comply with data protection requirements when transferring 
personal data from the European Union to the United States in support 
of transatlantic commerce. On July 12, 2016, the Commission deemed the 
EU-U.S. Privacy Shield Framework adequate to enable data transfers 
under EU law, and on August 1, 2016, the Department began accepting 
self-certifications from U.S. companies to join the program (81 FR 
47752; July 22, 2016).
    On July 16, 2020, the Court of Justice of the European Union (CJEU) 
issued a judgment declaring as ``invalid'' the Commission's decision on 
the adequacy of the protection provided by the EU-U.S. Privacy Shield 
and as a result the EU-U.S. Privacy Shield Framework is no longer a 
valid mechanism to comply with EU data protection requirements when 
transferring personal data from the European Union to the United 
States. That judgment does not relieve participants in the EU-U.S. 
Privacy Shield of their obligations under the EU-U.S. Privacy Shield 
Framework. The Department and the Commission are discussing the 
potential for an enhanced EU-U.S. Privacy Shield Framework to comply 
with the July 16, 2020 judgment by the CJEU. The Department continues 
to administer the Privacy Shield program while those discussions 
proceed. For more information on the Privacy Shield, visit https://www.privacyshield.gov/welcome.
    As described in Annex I of the EU-U.S. Privacy Shield Framework, 
the Department and the Commission committed to implement an arbitration 
mechanism to provide European individuals with the ability to invoke 
binding arbitration to determine, for residual claims, whether an 
organization has violated its obligations under the Privacy Shield. 
Organizations voluntarily self-certify to the EU-U.S. Privacy Shield 
Framework and, upon certification, the commitments the organization has 
made to comply with the EU-U.S. Privacy Shield Framework become legally 
enforceable under U.S. law. Organizations that self-certify to the EU-
U.S. Privacy Shield Framework commit to binding arbitration of residual 
claims if a European individual chooses to exercise that option. Under 
the arbitration option, a Privacy Shield Panel (consisting of one or 
three arbitrators, as agreed by the parties) has the authority to 
impose individual-specific, non-monetary equitable relief (such as 
access, correction, deletion, or return of the European individual's 
data in question) necessary to remedy the violation of the EU-U.S. 
Privacy Shield Framework only with respect to the individual. The 
parties will select the arbitrators from the list of arbitrators 
described below.
    The Department and the Commission seek to maintain a list of at 
least 20 arbitrators. To be eligible for inclusion on the list, 
applicants must be admitted to practice law in the United States and 
have expertise in both U.S. privacy law and EU data protection law. 
Applicants shall not be subject to any instructions from, or be 
affiliated with, any Privacy Shield organization, or the U.S., EU, or 
any EU Member State or any other governmental authority, public 
authority or enforcement authority.
    The Department previously requested and obtained approval of this 
information collection (OMB Control No. 0625-0277), which expires on 1/
31/2021, and now seeks renewal of this information collection. Although 
the Department is not currently seeking additional applications, it may 
do so in the future as appropriate.
    To be considered for inclusion on the EU-U.S. Privacy Shield List 
of Arbitrators, eligible individuals will be evaluated on the basis of 
independence, integrity, and expertise:

Independence

--Freedom from bias and prejudice.

[[Page 74982]]

Integrity

--Held in the highest regard by peers for integrity, fairness and good 
judgment.
--Demonstrates high ethical standards and commitment necessary to be an 
arbitrator.

Expertise

Required

--Admission to practice law in the United States.
--Level of demonstrated expertise in U.S. privacy law and EU data 
protection law.

Other Expertise That may Be Considered Includes Any of the Following

--Relevant educational degrees and professional licenses.
--Relevant professional or academic experience or legal practice.
--Relevant training or experience in arbitration or other forms of 
dispute resolution.

    Evaluation of applications for inclusion on the list of arbitrators 
will be undertaken by the Department and the Commission. Selected 
applicants will remain on the list for a period of three years, absent 
exceptional circumstances; change in eligibility, or for cause, 
renewable for one additional period of three years.
    The Department selected the International Centre for Dispute 
Resolution-American Arbitration Association (ICDR-AAA) as administrator 
for Privacy Shield arbitrations brought under either the EU-U.S. 
Privacy Shield Framework or the Swiss-U.S. Privacy Shield Framework. 
Among other things, the ICDR-AAA facilitates arbitrator fee 
arrangements, including the collection and timely payment of arbitrator 
fees and other expenses.
    Arbitrators are expected to commit their time and effort when 
included on the EU-U.S. Privacy Shield List of Arbitrators and to take 
reasonable steps to minimize the costs or fees of the arbitration.
    Arbitrators are subject to a code of conduct consistent with Annex 
I of the EU-U.S. Privacy Shield Framework and generally accepted 
ethical standards for arbitrators. The Department and the Commission 
agreed to adopt an existing, well-established set of U.S. arbitral 
procedures to govern the arbitral proceedings, subject to 
considerations identified in Annex I of the EU-U.S. Privacy Shield 
Framework, including that materials submitted to arbitrators will be 
treated confidentially and will only be used in connection with the 
arbitration. For more information, please visit https://www.privacyshield.gov/article?id=G-Arbitration-Procedures where you can 
find information on the arbitration procedures. (Please note that the 
Arbitration procedures apply to both the EU-U.S. Privacy Shield 
Framework and the Swiss-U.S. Privacy Shield Framework)

Applications

    Applications must be typewritten and should be headed ``Application 
for Inclusion on the EU-U.S. Privacy Shield List of Arbitrators.'' 
Applications should include the following information, and each section 
of the application should be numbered as indicated:

--Name of applicant.
--Address, telephone number, and email address.
1. Independence
--Description of the applicant's affiliations with any Privacy Shield 
organization, or the U.S., EU, any EU Member State or any other 
governmental authority, public authority, or enforcement authority.
2. Integrity
--On a separate page, the names, addresses, telephone, and fax numbers 
of three individuals willing to provide information concerning the 
applicant's qualifications for service, including the applicant's 
character, reputation, reliability, and judgment.
--Description of the applicant's willingness and ability to make time 
commitments necessary to be an arbitrator.
3. Expertise
--Demonstration of admittance to practice law in the United States.
--Relevant academic degrees and professional training and licensing.
--Current employment, including title, description of responsibility, 
name and address of employer, and name and telephone number of 
supervisor or other reference.
--Employment history, including the dates and addresses of each prior 
position and a summary of responsibilities.
--Description of expertise in U.S. privacy law and EU data protection 
law.
--Description of training or experience in arbitration or other forms 
of dispute resolution, if applicable.
--A list of publications, testimony, and speeches, if any, concerning 
U.S. privacy law and EU data protection law, with copies appended.

II. Method of Collection

    As stated above, the Department is not currently seeking additional 
applications, but may do so in the future as appropriate. The 
Department previously requested and obtained approval of this 
information collection (OMB Control No. 0625-0277), which expires on 1/
31/2021, and now seeks renewal of this information collection. Future 
applications would be submitted to the Department by email. More 
information on the arbitration mechanism may be found at https://www.privacyshield.gov/article?id=ANNEX-I-introduction.

III. Data

    OMB Control Number: 0625-0277.
    Form Number(s): None.
    Type of Review: Regular submission, revision of a current 
information collection.
    Affected Public: Private individuals.
    Estimated Number of Respondents: 40.
    Estimated Time per Response: 240 minutes.
    Estimated Total Annual Burden Hours: 160.
    Estimated Total Annual Cost to Public: $0.
    Respondent's Obligation: Required to obtain or retain benefits.
    Legal Authority: The Department's statutory authority to foster, 
promote, and develop international commerce (15 U.S.C. 1512).

IV. Request for Comments

    We are soliciting public comments to permit the Department/Bureau 
to: (a) Evaluate whether the proposed information collection is 
necessary for the proper functions of the Department, including whether 
the information will have practical utility; (b) Evaluate the accuracy 
of our estimate of the time and cost burden for this proposed 
collection, including the validity of the methodology and assumptions 
used; (c) Evaluate ways to enhance the quality, utility, and clarity of 
the information to be collected; and (d) Minimize the reporting burden 
on those who are to respond, including the use of automated collection 
techniques or other forms of information technology.
    Comments that you submit in response to this notice are a matter of 
public record. We will include or summarize each comment in our request 
to OMB to approve this information collection request (ICR). Before 
including your address, phone number, email address, or other personal 
identifying information in your comment, you should be aware that

[[Page 74983]]

your entire comment--including your personal identifying information--
may be made publicly available at any time. While you may ask us in 
your comment to withhold your personal identifying information from 
public review, we cannot guarantee that we will be able to do so.

Sheleen Dumas,
Department PRA Clearance Officer, Office of the Chief Information 
Officer, Commerce Department.
[FR Doc. 2020-25974 Filed 11-23-20; 8:45 am]
BILLING CODE 3510-DS-P