Agency Information Collection Activities; Submission to the Office of Management and Budget (OMB) for Review and Approval; Renewal of Information Collection; Comment Request; Swiss-U.S. Privacy Shield; Invitation for Applications for Inclusion on the Supplemental List of Arbitrators

AGENCY:

International Trade Administration, U.S. Department of Commerce.

ACTION:

Notice of information collection, request for comment.

SUMMARY:

The Department of Commerce, in accordance with the Paperwork Reduction Act of 1995 (PRA), invites the general public and other Federal agencies to comment on proposed, and continuing information collections, which helps us assess the impact of our information collection requirements and minimize the public's reporting burden. The purpose of this notice is to allow for 60 days of public comment preceding submission of the collection to OMB.

DATES:

To ensure consideration, comments regarding this proposed information collection must be received on or before September 27, 2021.

ADDRESSES:

Interested persons are invited to submit written comments by email to Towanda Carey, ITA Paperwork Clearance Officer, Department of Commerce, International Trade Administration at PRAcomments@doc.gov. Please reference OMB Control Number 0625-0278 in the subject line of your comments. Do not submit Confidential Business Information or otherwise sensitive or protected information.

FOR FURTHER INFORMATION CONTACT:

Requests for additional information or specific questions related to collection activities should be directed to David Ritchie, Senior Policy Advisor, Department of Commerce, International Trade Administration via email at privacyshield@trade.gov, or tel. 202-482-1512. More information on the arbitration mechanism may be found at https://www.privacyshield.gov/servlet/servlet.FileDownload?file=015t000000079Gr.

SUPPLEMENTARY INFORMATION:

I. Abstract

The Swiss-U.S. Privacy Shield Framework was designed by the U.S. Department of Commerce (Department) and the Swiss Administration to provide companies in both Switzerland and the United States with a mechanism to comply with data protection requirements when transferring personal data from Switzerland to the United States in support of transatlantic commerce. On January 12, 2017, the Swiss Administration deemed the Swiss-U.S. Privacy Shield Framework adequate to enable data transfers under Swiss law, and on April 12, 2017, the Department began accepting self-certifications from U.S. companies to join the program (82 FR 16375; April 12, 2017).

On September 8, 2020 the Federal Data Protection and Information Commissioner (FDPIC) of Switzerland issued an opinion concluding that the Swiss-U.S. Privacy Shield Framework does not provide an adequate level of protection for data transfers from Switzerland to the United States pursuant to Switzerland's Federal Act on Data Protection (FADP). As a result of that opinion, organizations wishing to rely on the Swiss-U.S. Privacy Shield to transfer personal data from Switzerland to the United States should seek guidance from the FDPIC or legal counsel. That opinion does not relieve participants in the Swiss-U.S. Privacy Shield of their obligations under the Swiss-U.S. Privacy Shield Framework. The Department continues to administer the Privacy Shield program while those discussions proceed. For more information on the Privacy Shield, visit https://www.privacyshield.gov/welcome.

As described in Annex I of the Swiss-U.S. Privacy Shield Framework, the Department and the Swiss Administration committed to implement an arbitration mechanism to provide Swiss individuals with the ability to invoke binding arbitration to determine, for residual claims, whether an organization has violated its obligations under the Privacy Shield. Organizations voluntarily self-certify to the Swiss-U.S. Privacy Shield Framework and, upon certification, the commitments the organization has made to comply with the Swiss-U.S. Privacy Shield Framework become legally enforceable under U.S. law. Organizations that self-certify to the Swiss-U.S. Privacy Shield Framework commit to binding arbitration of residual claims if a Swiss individual chooses to exercise that option. Under the arbitration option, a Privacy Shield Panel (consisting of one or three arbitrators, as agreed by the parties) has the authority to impose individual-specific, non-monetary equitable relief (such as access, correction, deletion, or return of the Swiss individual's data in question) necessary to remedy the violation of the Swiss-U.S. Privacy Shield Framework only with respect to the individual. The parties will select the arbitrators from the list of arbitrators described below.

The Department and the Swiss Administration seek to maintain a list of up to five arbitrators to supplement the list of arbitrators developed under the EU-U.S. Privacy Shield Framework. To be eligible for inclusion on the supplemental list, applicants must be admitted to practice law in the United States and have expertise in both U.S. privacy law and European or Swiss data protection law. Applicants shall not be subject to any instructions from, or be affiliated with, any Privacy Shield organization, or the U.S., Switzerland, EU, or any EU Member State or any other governmental authority, public authority or enforcement authority.

The Department previously requested and obtained approval of this information collection (OMB Control No. 0625-0278), which expires on 10/31/2021, and now seeks renewal of this information collection. Although the Department is not currently seeking additional applications, it may do so in the future as appropriate.

To be considered for inclusion on the Swiss-U.S. Privacy Shield Supplemental List of Arbitrators, eligible individuals will be evaluated on the basis of independence, integrity, and expertise:

Independence

—Freedom from bias and prejudice.

Integrity

—Held in the highest regard by peers for integrity, fairness and good judgment.

—Demonstrates high ethical standards and commitment necessary to be an arbitrator.

Expertise Required:

—Admission to practice law in the United States.

—Level of demonstrated expertise in U.S. privacy law and European or Swiss data protection law.

Other expertise that may be considered includes any of the following:

—Relevant educational degrees and professional licenses.

—Relevant professional or academic experience or legal practice.

—Relevant training or experience in arbitration or other forms of dispute resolution.

Evaluation of applications for inclusion on the list of arbitrators will be undertaken by the Department and the Swiss Administration. Selected applicants will remain on the list for a period of three years, absent exceptional circumstances; change in eligibility, or for cause, renewable for one additional period of three years.

The Department selected the International Centre for Dispute Resolution-American Arbitration Association (ICDR-AAA) as administrator for Privacy Shield arbitrations brought under either the EU-U.S. Privacy Shield Framework or the Swiss-U.S. Privacy Shield Framework. Among other things, the ICDR-AAA facilitates arbitrator fee arrangements, including the collection and timely payment of arbitrator fees and other expenses.

Arbitrators are expected to commit their time and effort when included on the Swiss-U.S. Privacy Shield Supplemental List of Arbitrators and to take reasonable steps to minimize the costs or fees of the arbitration.

Arbitrators are subject to a code of conduct consistent with Annex I of the Swiss-U.S. Privacy Shield Framework and generally accepted ethical standards for arbitrators. The Department and the Swiss Administration agreed to adopt an existing, well-established set of U.S. arbitral procedures to govern the arbitral proceedings, subject to considerations identified in Annex I of the Swiss-U.S. Privacy Shield Framework, including that materials submitted to arbitrators will be treated confidentially and will only be used in connection with the arbitration. For more information, please visit https://www.privacyshield.gov/article?id=G-Arbitration-Procedures where you can find information on the arbitration procedures. (Please note that the Arbitration procedures apply to both the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework)

Applications

Applications must be typewritten and should be headed “Application for Inclusion on the Swiss-U.S. Privacy Shield Supplemental List of Arbitrators.” Applications should include the following information, and each section of the application should be numbered as indicated:

—Name of applicant.

—Address, telephone number, and email address.

1. Independence

—Description of the applicant's affiliations with any Privacy Shield organization, or the U.S., Switzerland, any EU Member State or any other governmental authority, public authority, or enforcement authority.

2. Integrity

—On a separate page, the names, addresses, telephone, and fax numbers of three individuals willing to provide information concerning the applicant's qualifications for service, including the applicant's character, reputation, reliability, and judgment.

—Description of the applicant's willingness and ability to make time commitments necessary to be an arbitrator.

3. Expertise

—Demonstration of admittance to practice law in the United States.

—Relevant academic degrees and professional training and licensing.

—Current employment, including title, description of responsibility, name and address of employer, and name and telephone number of supervisor or other reference.

—Employment history, including the dates and addresses of each prior position and a summary of responsibilities.

—Description of expertise in U.S. privacy law and European or Swiss data protection law.

—Description of training or experience in arbitration or other forms of dispute resolution, if applicable.

—A list of publications, testimony, and speeches, if any, concerning U.S. privacy law and European or Swiss data protection law, with copies appended.

II. Method of Collection

As stated above, the Department is not currently seeking additional applications, but may do so in the future as appropriate. The Department previously requested and obtained approval of this information collection (OMB Control No. 0625-0278), which expires on 10/31/2021, and now seeks renewal of this information collection. Future applications would be submitted to the Department by email. More information on the arbitration mechanism may be found at https://www.privacyshield.gov/article?id=ANNEX-I-introduction.

III. Data

OMB Control Number: 0625-0278.

Form Number(s): None.

Type of Review: Regular submission, revision of a current information collection.

Affected Public: Private individuals.

Estimated Number of Respondents: 20.

Estimated Time per Response: 240 minutes.

Estimated Total Annual Burden Hours: 80.

Estimated Total Annual Cost to Public: $0.

Respondent's Obligation: Required to obtain or retain benefits.

Legal Authority: The Department's statutory authority to foster, promote, and develop the foreign and domestic commerce of the United States (15 U.S.C. 1512).

IV. Request for Comments

We are soliciting public comments to permit the Department/Bureau to: (a) Evaluate whether the proposed information collection is necessary for the proper functions of the Department, including whether the information will have practical utility; (b) Evaluate the accuracy of our estimate of the time and cost burden for this proposed collection, including the validity of the methodology and assumptions used; (c) Evaluate ways to enhance the quality, utility, and clarity of the information to be collected; and (d) Minimize the reporting burden on those who are to respond, including the use of automated collection techniques or other forms of information technology.

Comments that you submit in response to this notice are a matter of public record. We will include or summarize each comment in our request to OMB to approve this information collection request (ICR). Before including your address, phone number, email address, or other personal identifying information in your comment, you should be aware that your entire comment—including your personal identifying information—may be made publicly available at any time. While you may ask us in your comment to withhold your personal identifying information from public review, we cannot guarantee that we will be able to do so.