81 FR 47752 - Cost Recovery Fee Schedule for the EU-U.S. Privacy Shield Framework

DEPARTMENT OF COMMERCE
International Trade Administration

Federal Register Volume 81, Issue 141 (July 22, 2016)

Consistent with the guidelines in OMB Circular A-25, the U.S. Department of Commerce's International Trade Administration (ITA) is implementing a cost recovery program fee to support the operation of the EU-U.S. Privacy Shield Framework (Privacy Shield), which will require that U.S. organizations pay an annual fee to ITA in order to participate in the Privacy Shield. The cost recovery program will support the administration and supervision of the Privacy Shield program and support the provision of Privacy Shield-related services, including education and outreach. The Privacy Shield fee schedule will become effective on August 1, 2016, when ITA will begin accepting self-certifications. ITA also is providing the public with the opportunity to comment on the fee schedule. ITA will reassess the fee schedule after the first year of implementation and, in accordance with OMB Circular A-25, at least every two years thereafter.

[Federal Register Volume 81, Number 141 (Friday, July 22, 2016)]
[Notices]
[Pages 47752-47754]
From the Federal Register Online  [www.thefederalregister.org]
[FR Doc No: 2016-17508]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF COMMERCE

International Trade Administration

[Docket No.: 160713610-6610-01]
RIN 0625-XC020


Cost Recovery Fee Schedule for the EU-U.S. Privacy Shield 
Framework

AGENCY: International Trade Administration, U.S. Department of 
Commerce.

ACTION: Notice of implementation of a cost recovery program fee with 
request for comments.

-----------------------------------------------------------------------

SUMMARY: Consistent with the guidelines in OMB Circular A-25, the U.S. 
Department of Commerce's International Trade Administration (ITA) is 
implementing a cost recovery program fee to support the operation of 
the EU-U.S. Privacy Shield Framework (Privacy Shield), which will 
require that U.S. organizations pay an annual fee to ITA in order to 
participate in the Privacy Shield. The cost recovery program will 
support the administration and supervision of the Privacy Shield 
program and support the provision of

[[Page 47753]]

Privacy Shield-related services, including education and outreach. The 
Privacy Shield fee schedule will become effective on August 1, 2016, 
when ITA will begin accepting self-certifications. ITA also is 
providing the public with the opportunity to comment on the fee 
schedule. ITA will reassess the fee schedule after the first year of 
implementation and, in accordance with OMB Circular A-25, at least 
every two years thereafter.

DATES: This fee schedule is effective August 1, 2016. Comments must be 
received by August 22, 2016.

ADDRESSES: You may submit comments by either of the following methods:
     Federal eRulemaking Portal: www.Regulations.gov. The 
identification number is ITA-2016-0007.
     Postal Mail/Commercial Delivery to Grace Harter, 
Department of Commerce, International Trade Administration, Room 20001, 
1401 Constitution Avenue NW., Washington, DC and reference ``Privacy 
Shield Fee Structure, ITA-2016-0007'' in the subject line.
    Instructions: You must submit comments by one of the above methods 
to ensure that we receive the comments and consider them. Comments sent 
by any other method, to any other address or individual, or received 
after the end of the comment period, may not be considered. All 
comments received are a part of the public record and will generally be 
posted to http://www.regulations.gov without change. All Personal 
Identifying Information (for example, name, address, etc.) voluntarily 
submitted by the commenter may be publicly accessible. Do not submit 
Confidential Business Information or otherwise sensitive or protected 
information.
    Commerce Department will accept anonymous comments (enter ``N/A'' 
in the required fields if you wish to remain anonymous). Attachments to 
electronic comments will be accepted in Microsoft Word, Excel, 
WordPerfect, or Adobe PDF file formats only. Supporting documents and 
any comments we receive on this docket may be viewed at http://www.regulations.gov/ITA-2016-0002.

FOR FURTHER INFORMATION CONTACT: Requests for additional information 
regarding the EU-U.S. Privacy Shield Framework should be directed to 
David Ritchie or Grace Harter, Department of Commerce, International 
Trade Administration, Room 20001, 1401 Constitution Avenue NW., 
Washington, DC, tel. 202-482-4936 or 202-482-1512 or via email at 
[email protected]. Additional information on ITA fees is 
available at trade.gov/fees.

SUPPLEMENTARY INFORMATION: 

Background

    Consistent with the guidelines in OMB Circular A-25 (https://www.whitehouse.gov/omb/circulars_a025), federal agencies are 
responsible for implementing cost recovery program fees.
    The role of ITA is to strengthen the competitiveness of U.S. 
industry, promote trade and investment, and ensure fair trade through 
the rigorous enforcement of our trade laws and agreements. ITA works to 
promote privacy policy frameworks to facilitate the flow of data across 
borders to support international trade.
    The United States and the European Union (EU) share the goal of 
enhancing privacy protection but take different approaches to 
protecting personal data. Given those differences, the Department of 
Commerce (DOC) developed the Privacy Shield in consultation with the 
European Commission, as well as with industry and other stakeholders, 
to provide organizations in the United States with a reliable mechanism 
for personal data transfers to the United States from the European 
Union while ensuring the protection of the data as required by EU law.
    In July 2016, the European Commission approved the EU-U.S. Privacy 
Shield Framework. The published Privacy Shield Principles are available 
at: [insert link]. The DOC has issued the Privacy Shield Principles 
under its statutory authority to foster, promote, and develop 
international commerce (15 U.S.C. 1512). ITA will administer and 
supervise the Privacy Shield, including by maintaining and making 
publicly available an authoritative list of U.S. organizations that 
have self-certified to the DOC. U.S. organizations submit information 
to ITA to self-certify their compliance with Privacy Shield. ITA will 
accept self-certification submissions beginning on August 1, 2016. At a 
future date, ITA will publish for public notice and comment information 
collections as described in the Privacy Shield Framework consistent 
with the Paperwork Reduction Act.
    U.S. organizations considering self-certifying to the Privacy 
Shield should review the Privacy Shield Framework. In summary, in order 
to enter the Privacy Shield, an organization must (a) be subject to the 
investigatory and enforcement powers of the Federal Trade Commission 
(FTC) or the Department of Transportation; (b) publicly declare its 
commitment to comply with the Principles through self-certification to 
the DOC; (c) publicly disclose its privacy policies in line with the 
Principles; and (d) fully implement them.
    Self-certification to the DOC is voluntary; however, an 
organization's failure to comply with the Principles after its self-
certification is enforceable under Section 5 of the Federal Trade 
Commission Act prohibiting unfair and deceptive acts in or affecting 
commerce (15 U.S.C. 45(a)) or other laws or regulations prohibiting 
such acts.
    ITA is implementing a cost recovery program to support the 
operation of the Privacy Shield, which will require U.S. organizations 
to pay an annual fee to ITA in order to participate in the program. The 
cost recovery program will support the administration and supervision 
of the Privacy Shield program and support the provision of Privacy 
Shield-related services, including education and outreach. The fee a 
given organization will be charged will be based on the organization's 
annual revenue:
    Fee Schedule:

         EU-U.S. Privacy Shield Framework Cost Recovery Program
------------------------------------------------------------------------
             Organization's annual  revenue                 Annual fee
------------------------------------------------------------------------
$0 to $5 million........................................            $250
Over $5 million to $25 million..........................             650
Over $25 million to $500 million........................           1,000
Over $500 million to $5 billion.........................           2,500
Over $5 billion.........................................           3,250
------------------------------------------------------------------------

    Organizations will have additional direct costs associated with 
participating in the Privacy Shield. For example, Privacy Shield 
organizations must provide a readily available independent recourse 
mechanism to hear individual complaints at no cost to the individual. 
Furthermore, organizations will be required to pay contributions in 
connection with the arbitral model, as described in Annex I to the 
Principles.

Method for Determining Fees

    ITA collects, retains, and expends user fees pursuant to delegated 
authority under the Mutual Educational and Cultural Exchange Act as 
authorized in its annual appropriations acts.
    The EU-U.S. Privacy Shield Framework was developed to provide 
organizations in the United States with a reliable mechanism for 
personal data transfers that underpin the trade and investment 
relationship between the United States and the EU.

[[Page 47754]]

    Fees are set taking into account the operational costs borne by ITA 
to administer and supervise the Privacy Shield program. The Privacy 
Shield program will require a significant commitment of resources and 
staff. The Privacy Shield Framework includes commitments from ITA to:
     Maintain a Privacy Shield Web site;
     verify self-certification requirements submitted by 
organizations to participate in the program;
     expand efforts to follow up with organizations that have 
been removed from the Privacy Shield List;
     search for and address false claims of participation;
     conduct periodic compliance reviews and assessments of the 
program;
     provide information regarding the program to targeted 
audiences;
     increase cooperation with EU data protection authorities;
     facilitate resolution of complaints about non-compliance;
     hold annual meetings with the European Commission and 
other authorities to review the program, and
     provide an update of laws relevant to Privacy Shield.
    In setting the Privacy Shield fee schedule, ITA determined that the 
services provided offer special benefits to an identifiable recipient 
beyond those that accrue to the general public. ITA calculated the 
actual cost of providing its services in order to provide a basis for 
setting each fee. Actual cost incorporates direct and indirect costs, 
including operations and maintenance, overhead, and charges for the use 
of capital facilities. ITA also took into account additional factors, 
including adequacy of cost recovery, affordability, and costs 
associated with alternative options available to U.S. organizations for 
the receipt of personal data from the EU.
    ITA is establishing a 5-tiered fee schedule that will promote the 
participation of small organizations in Privacy Shield. A multiple-
tiered fee schedule allows ITA to offer the organizations with lower 
revenue a lower fee. In setting the 5 tiers, ITA considered, in 
conjunction with the factors mentioned above: (1) The Small Business 
Administration's guidance on identifying SMEs in various industries 
most likely to participate in the Privacy Shield, such as computer 
services, software and information services; (2) the likelihood that 
small companies would be expected to receive less personal data and 
thereby use fewer government resources; and (3) the likelihood that 
companies with higher revenue would have more customers whose data they 
process, which would use more government resources dedicated to 
administering and overseeing Privacy Shield. For example, if a company 
holds more data it could reasonably produce more questions and 
complaints from consumers and the European Union's Data Protection 
Authorities (DPAs). ITA has committed to facilitating the resolution of 
individual complaints and to communicating with the FTC and the DPAs 
regarding consumer complaints. Lastly, the fee increases between the 
tiers are based in part on projected program costs and estimated 
participation levels among companies within each tier.

Conclusion

    Based on the information provided above, ITA believes that its 
Privacy Shield cost recovery fee schedule is consistent with the 
objective of OMB Circular A-25 to ``promote efficient allocation of the 
nation's resources by establishing charges for special benefits 
provided to the recipient that are at least as great as the cost to the 
U.S. Government of providing the special benefits . . .'' OMB Circular 
A-25(5)(b). ITA is providing the public with the opportunity to comment 
on the fee schedule, and it will consider these comments when it 
reassesses the fee schedule. ITA will reassess the fee schedule after 
the first year of implementation and, in accordance with OMB Circular 
A-25, at least every two years thereafter.

    Dated: July 20, 2016.
Edward M. Dean,
Deputy Assistant Secretary for Services, International Trade 
Administration, U.S. Department of Commerce.
[FR Doc. 2016-17508 Filed 7-21-16; 8:45 am]
BILLING CODE 3510-DR-P