Agency Information Collection Activities; Submission to the Office of Management and Budget (OMB) for Review and Approval; Comment Request; Self-Certifications Under the Data Privacy Framework Program, 37509-37510 [2023-12199]

Download as PDF ddrumheller on DSK120RN23PROD with NOTICES1 Federal Register / Vol. 88, No. 110 / Thursday, June 8, 2023 / Notices being nominated, why the nominee wants to be a committee member, and his or her qualifications for membership, and how the submitter learned about this call for nominations. The cover letter should also include the statements required below related to Federally Registered Lobbyists and Foreign Firms. If applicable, the application should include a sponsor letter on the non-Federal governmental entity letterhead containing a brief description of the manner in which international trade affects the entity and why the applicant should be considered for membership. Forms may also be requested by sending an email to ATACs@usda.gov, or by phone at (202) 868–7059. Federally Registered Lobbyists: All nominees must provide a statement confirming their lobbyist status. Pursuant to the Revised Guidance on the Appointment of Lobbyists to Federal Advisory Committees, Boards and Commissions, published by the Office of Management and Budget (OMB) on August 13, 2014, federally-registered lobbyists are no longer prohibited from serving on the advisory committees in a representative capacity. OMB’s revised guidance clarifies that the eligibility restriction does not apply to advisory committee members who are specifically appointed to represent the interests of a nongovernmental entity, a recognizable group of persons or nongovernmental entities (an industry sector, labor unions, environmental groups, etc.), or state or local governments. The lobbyist prohibition continues to apply to persons serving on advisory committees in their individual capacity (e.g., SGEs). Foreign Firms: If the nominee is to represent an entity or corporation with ten percent or greater non-U.S. ownership, the nominee must state the extent to which the organization or interest to be represented by the nominee is owned by non-U.S. citizens, organizations, or interests and demonstrate at the time of nomination that this ownership interest does not constitute control and will not adversely affect his or her ability to serve as an advisor on the U.S. agriculture advisory committee for trade. Dated: June 5, 2023. Cikena Reid, USDA Committee Management Officer. [FR Doc. 2023–12313 Filed 6–6–23; 11:15 am] BILLING CODE 3410–10–P VerDate Sep<11>2014 16:15 Jun 07, 2023 Jkt 259001 DEPARTMENT OF COMMERCE International Trade Administration Agency Information Collection Activities; Submission to the Office of Management and Budget (OMB) for Review and Approval; Comment Request; Self-Certifications Under the Data Privacy Framework Program The Department of Commerce will submit the following information collection request to the Office of Management and Budget (OMB) for review and clearance in accordance with the Paperwork Reduction Act of 1995, on or after the date of publication of this notice. We invite the general public and other Federal agencies to comment on proposed, and continuing information collections, which helps us assess the impact of our information collection requirements and minimize the public’s reporting burden. Public comments were previously requested via the Federal Register on March 30, 2023 during a 60-day comment period. This notice allows for an additional 30 days for public comments. Agency: International Trade Administration, Department of Commerce. Title: Self-Certifications under the Data Privacy Framework Program. OMB Control Number: New Collection. Not yet assigned. Form Number(s): None. Type of Request: Regular submission, new information collection. Number of Respondents: 4,000. Average Hours per Response: 40 minutes. Burden Hours: 3,062 hours. Needs and Uses: The United States, the European Union (EU), the United Kingdom (UK), and Switzerland share a commitment to enhancing privacy protection, the rule of law, and a recognition of the importance of transatlantic data flows to our respective citizens, economies, and societies, but take different approaches to doing so. Given those differences, the Department of Commerce (DOC) developed the EU– U.S. Data Privacy Framework (EU–U.S. DPF), the UK Extension to the EU–U.S. Data Privacy Framework (UK Extension to the EU–U.S. DPF), and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) in consultation with the European Commission, the UK Government, the Swiss Federal Administration, industry, and other stakeholders. These arrangements were respectively developed to provide U.S. organizations reliable mechanisms for personal data transfers to the United States from the European Union, the United Kingdom PO 00000 Frm 00005 Fmt 4703 Sfmt 4703 37509 (and, as applicable, Gibraltar), and Switzerland while ensuring data protection that is consistent with EU, UK, and Swiss law. The DOC is issuing the EU–U.S. DPF Principles and the Swiss-U.S. DPF Principles, including the respective sets of Supplemental Principles (collectively the Principles) and Annex I of the Principles, as well as the UK Extension to the EU–U.S. DPF under its statutory authority to foster, promote, and develop international commerce (15 U.S.C. 1512). The International Trade Administration (ITA) will administer and supervise the Data Privacy Framework program, including maintaining and making publicly available the Data Privacy Framework List, an authoritative list of U.S. organizations that have self-certified to the DOC and declared their commitment to adhere to the Principles pursuant to the EU–U.S. DPF and, as applicable, the UK Extension to the EU–U.S. DPF, and/ or the Swiss-U.S. DPF. On the basis of the Principles, Executive Order 14086, 28 CFR part 201, and accompanying letters and materials, including ITA’s commitments regarding the administration and supervision of the Data Privacy Framework program, it is the DOC’s expectation that the European Commission, the UK Government, and the Swiss Federal Administration will respectively recognize the adequacy of the protection provided by the EU–U.S. DPF, the UK Extension to the EU–U.S. DPF, and the Swiss-U.S. DPF thereby enabling personal data transfers from each respective jurisdiction to U.S. organizations participating in the relevant part of the Data Privacy Framework program. It is the DOC’s present expectation that the effective date of the EU–U.S. DPF Principles would coincide with the entry into force of the European Commission’s anticipated recognition of adequacy, whereas the respective effective dates of the UK Extension to the EU–U.S. DPF and the Swiss-U.S. DPF Principles would occur before the entry into force of the anticipated, respective recognitions of adequacy (i.e., to enable U.S. organizations from the earliest possible date to self-certify their compliance with multiple parts of the Data Privacy Framework program). Personal data cannot be received in reliance on the EU–U.S. DPF, the UK Extension to the EU–U.S. DPF, and the Swiss-U.S. DPF until they have respectively received such recognition (i.e., until such formal recognition enters into force). In order to participate in the EU–U.S. DPF and, as applicable, the UK Extension to the EU–U.S. DPF, and/or E:\FR\FM\08JNN1.SGM 08JNN1 ddrumheller on DSK120RN23PROD with NOTICES1 37510 Federal Register / Vol. 88, No. 110 / Thursday, June 8, 2023 / Notices the Swiss-U.S. DPF an organization must (a) be subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC), the Department of Transportation (DOT), or another statutory body that will effectively ensure compliance with the Principles; (b) publicly declare its commitment to comply with the Principles; (c) publicly disclose its privacy policies in line with the Principles; and (d) fully implement them. To rely on the EU–U.S. DPF and, as applicable, the UK Extension to the EU– U.S. DPF, and/or the Swiss-U.S. DPF an organization must self-certify its adherence to the Principles to the DOC, and both be placed and remain on the Data Privacy Framework List. Such organizations’ commitment to comply with the Principles must be reflected in their self-certification submissions to the DOC and in their privacy policies. Organizations that only wish to selfcertify their compliance pursuant to the EU–U.S. DPF and/or the Swiss-U.S. DPF may do so; however, organizations that wish to participate in the UK Extension to the EU–U.S. DPF must participate in the EU–U.S. DPF. The DOC will update the Data Privacy Framework List on the basis of annual re-certification submissions made by participating organizations and by removing organizations when they voluntarily withdraw, fail to complete the annual re-certification in accordance with the DOC’s procedures, or are found to persistently fail to comply. The DOC will also maintain and make available to the public an authoritative record of U.S. organizations that have been removed from the Data Privacy Framework List and will identify the reason each organization was removed. The aforementioned authoritative list and record will remain available to the public on the DOC’s Data Privacy Framework program website. An organization’s failure to comply with the Principles after its self-certification is enforceable by the FTC under Section 5 of the Federal Trade Commission (FTC) Act prohibiting unfair or deceptive acts in or affecting commerce (15 U.S.C. 45); by the DOT under 49 U.S.C. 41712 prohibiting a carrier or ticket agent from engaging in an unfair or deceptive practice in air transportation or the sale of air transportation; or under other laws or regulations prohibiting such acts. To initially self-certify or subsequently re-certify for the EU–U.S. DPF and, as applicable, UK Extension to the EU–U.S. DPF, and/or the Swiss-U.S. DPF, an organization must on each occasion provide to the DOC a VerDate Sep<11>2014 16:15 Jun 07, 2023 Jkt 259001 submission that contains the relevant information specified in the Principles. The submission must be made via the DOC’s Data Privacy Framework program website by an individual within the organization who is authorized to make representations on behalf of the organization and any of its covered U.S. entities regarding its adherence to the Principles. Such an organization must respond promptly to inquiries and other requests for information from the DOC relating to the organization’s adherence to the Principles. ITA has committed to follow up with organizations that have been or wish to be removed from the Data Privacy Framework List. ITA will direct organizations that allow their selfcertifications to lapse to verify whether they intend to re-certify or instead intend to withdraw. An organization that intends to re-certify will be required to further verify to the DOC that during the lapse of its certification status it applied the Principles to relevant personal data received in reliance on its participation in the Data Privacy Framework program and clarify what steps it will take to address the outstanding issues that have delayed its re-certification. An organization that intends to withdraw will be required to further verify to the DOC what it will do and/or has done (as applicable) with the relevant personal data that it received in reliance on its participation in the Data Privacy Framework program and who within the organization will serve as an ongoing point of contact for Principlesrelated questions. Organizations will be required to provide such verification to the DOC by completing and submitting appropriate questionnaires to the DOC. ITA has also committed to conduct compliance reviews on an ongoing basis, including, as appropriate, through sending detailed questionnaires to participating organizations. The DOC will require that a participating organization complete and submit to the DOC such a questionnaire when: (a) the DOC has received any specific, nonfrivolous complaints about the organization’s compliance with the Principles; (b) the organization does not respond satisfactorily to inquiries by the DOC for information relating to the organization’s adherence to the Principles; or (c) there is credible evidence that the organization does not comply with its commitments under the EU–U.S. DPF and, as applicable, the UK Extension to the EU–U.S. DPF, and/or the Swiss-U.S. DPF. Affected Public: Primarily businesses or other for-profit organizations. Frequency: Annual and periodic. Respondent’s Obligation: Voluntary. PO 00000 Frm 00006 Fmt 4703 Sfmt 4703 Legal Authority: The DOC’s statutory authority to foster, promote, and develop the foreign and domestic commerce of the United States (15 U.S.C. 1512). This information collection request may be viewed at www.reginfo.gov. Follow the instructions to view the Department of Commerce collections currently under review by OMB. Written comments and recommendations for the proposed information collection should be submitted within 30 days of the publication of this notice on the following website www.reginfo.gov/ public/do/PRAMain. Find this particular information collection by selecting ‘‘Currently under 30-day Review—Open for Public Comments’’ or by using the search function and entering the title of the collection. Sheleen Dumas, Department PRA Clearance Officer, Office of the Under Secretary for Economic Affairs, Commerce Department. [FR Doc. 2023–12199 Filed 6–7–23; 8:45 am] BILLING CODE 3510–DS–P DEPARTMENT OF COMMERCE International Trade Administration [A–570–831] Fresh Garlic From the People’s Republic of China: Initiation of Circumvention Inquiry on the Antidumping Duty Order Enforcement and Compliance, International Trade Administration, Department of Commerce. AGENCY: In response to a request from the Fresh Garlic Producers Association and its individual members (collectively, the petitioners), the Department of Commerce (Commerce) is initiating a country-wide circumvention inquiry to determine whether imports of small and large garlic chunks from the People’s Republic of China (China) are circumventing the antidumping duty (AD) order on fresh garlic from China. SUMMARY: DATES: Applicable June 8, 2023. FOR FURTHER INFORMATION CONTACT: Charles DeFilippo or Jacob Saude; AD/ CVD Operations, Enforcement and Compliance, International Trade Administration, U.S. Department of Commerce, 1401 Constitution Avenue NW, Washington, DC 20230; telephone: (202) 482–3979 or 202–482–0981, respectively. E:\FR\FM\08JNN1.SGM 08JNN1

Agencies

[Federal Register Volume 88, Number 110 (Thursday, June 8, 2023)]
[Notices]
[Pages 37509-37510]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2023-12199]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF COMMERCE

International Trade Administration


Agency Information Collection Activities; Submission to the 
Office of Management and Budget (OMB) for Review and Approval; Comment 
Request; Self-Certifications Under the Data Privacy Framework Program

    The Department of Commerce will submit the following information 
collection request to the Office of Management and Budget (OMB) for 
review and clearance in accordance with the Paperwork Reduction Act of 
1995, on or after the date of publication of this notice. We invite the 
general public and other Federal agencies to comment on proposed, and 
continuing information collections, which helps us assess the impact of 
our information collection requirements and minimize the public's 
reporting burden. Public comments were previously requested via the 
Federal Register on March 30, 2023 during a 60-day comment period. This 
notice allows for an additional 30 days for public comments.
    Agency: International Trade Administration, Department of Commerce.
    Title: Self-Certifications under the Data Privacy Framework 
Program.
    OMB Control Number: New Collection. Not yet assigned.
    Form Number(s): None.
    Type of Request: Regular submission, new information collection.
    Number of Respondents: 4,000.
    Average Hours per Response: 40 minutes.
    Burden Hours: 3,062 hours.
    Needs and Uses: The United States, the European Union (EU), the 
United Kingdom (UK), and Switzerland share a commitment to enhancing 
privacy protection, the rule of law, and a recognition of the 
importance of transatlantic data flows to our respective citizens, 
economies, and societies, but take different approaches to doing so. 
Given those differences, the Department of Commerce (DOC) developed the 
EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the 
EU-U.S. Data Privacy Framework (UK Extension to the EU-U.S. DPF), and 
the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) in consultation 
with the European Commission, the UK Government, the Swiss Federal 
Administration, industry, and other stakeholders. These arrangements 
were respectively developed to provide U.S. organizations reliable 
mechanisms for personal data transfers to the United States from the 
European Union, the United Kingdom (and, as applicable, Gibraltar), and 
Switzerland while ensuring data protection that is consistent with EU, 
UK, and Swiss law.
    The DOC is issuing the EU-U.S. DPF Principles and the Swiss-U.S. 
DPF Principles, including the respective sets of Supplemental 
Principles (collectively the Principles) and Annex I of the Principles, 
as well as the UK Extension to the EU-U.S. DPF under its statutory 
authority to foster, promote, and develop international commerce (15 
U.S.C. 1512). The International Trade Administration (ITA) will 
administer and supervise the Data Privacy Framework program, including 
maintaining and making publicly available the Data Privacy Framework 
List, an authoritative list of U.S. organizations that have self-
certified to the DOC and declared their commitment to adhere to the 
Principles pursuant to the EU-U.S. DPF and, as applicable, the UK 
Extension to the EU-U.S. DPF, and/or the Swiss-U.S. DPF. On the basis 
of the Principles, Executive Order 14086, 28 CFR part 201, and 
accompanying letters and materials, including ITA's commitments 
regarding the administration and supervision of the Data Privacy 
Framework program, it is the DOC's expectation that the European 
Commission, the UK Government, and the Swiss Federal Administration 
will respectively recognize the adequacy of the protection provided by 
the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-
U.S. DPF thereby enabling personal data transfers from each respective 
jurisdiction to U.S. organizations participating in the relevant part 
of the Data Privacy Framework program. It is the DOC's present 
expectation that the effective date of the EU-U.S. DPF Principles would 
coincide with the entry into force of the European Commission's 
anticipated recognition of adequacy, whereas the respective effective 
dates of the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF 
Principles would occur before the entry into force of the anticipated, 
respective recognitions of adequacy (i.e., to enable U.S. organizations 
from the earliest possible date to self-certify their compliance with 
multiple parts of the Data Privacy Framework program). Personal data 
cannot be received in reliance on the EU-U.S. DPF, the UK Extension to 
the EU-U.S. DPF, and the Swiss-U.S. DPF until they have respectively 
received such recognition (i.e., until such formal recognition enters 
into force).
    In order to participate in the EU-U.S. DPF and, as applicable, the 
UK Extension to the EU-U.S. DPF, and/or

[[Page 37510]]

the Swiss-U.S. DPF an organization must (a) be subject to the 
investigatory and enforcement powers of the Federal Trade Commission 
(FTC), the Department of Transportation (DOT), or another statutory 
body that will effectively ensure compliance with the Principles; (b) 
publicly declare its commitment to comply with the Principles; (c) 
publicly disclose its privacy policies in line with the Principles; and 
(d) fully implement them.
    To rely on the EU-U.S. DPF and, as applicable, the UK Extension to 
the EU-U.S. DPF, and/or the Swiss-U.S. DPF an organization must self-
certify its adherence to the Principles to the DOC, and both be placed 
and remain on the Data Privacy Framework List. Such organizations' 
commitment to comply with the Principles must be reflected in their 
self-certification submissions to the DOC and in their privacy 
policies. Organizations that only wish to self-certify their compliance 
pursuant to the EU-U.S. DPF and/or the Swiss-U.S. DPF may do so; 
however, organizations that wish to participate in the UK Extension to 
the EU-U.S. DPF must participate in the EU-U.S. DPF. The DOC will 
update the Data Privacy Framework List on the basis of annual re-
certification submissions made by participating organizations and by 
removing organizations when they voluntarily withdraw, fail to complete 
the annual re-certification in accordance with the DOC's procedures, or 
are found to persistently fail to comply. The DOC will also maintain 
and make available to the public an authoritative record of U.S. 
organizations that have been removed from the Data Privacy Framework 
List and will identify the reason each organization was removed. The 
aforementioned authoritative list and record will remain available to 
the public on the DOC's Data Privacy Framework program website. An 
organization's failure to comply with the Principles after its self-
certification is enforceable by the FTC under Section 5 of the Federal 
Trade Commission (FTC) Act prohibiting unfair or deceptive acts in or 
affecting commerce (15 U.S.C. 45); by the DOT under 49 U.S.C. 41712 
prohibiting a carrier or ticket agent from engaging in an unfair or 
deceptive practice in air transportation or the sale of air 
transportation; or under other laws or regulations prohibiting such 
acts.
    To initially self-certify or subsequently re-certify for the EU-
U.S. DPF and, as applicable, UK Extension to the EU-U.S. DPF, and/or 
the Swiss-U.S. DPF, an organization must on each occasion provide to 
the DOC a submission that contains the relevant information specified 
in the Principles. The submission must be made via the DOC's Data 
Privacy Framework program website by an individual within the 
organization who is authorized to make representations on behalf of the 
organization and any of its covered U.S. entities regarding its 
adherence to the Principles. Such an organization must respond promptly 
to inquiries and other requests for information from the DOC relating 
to the organization's adherence to the Principles.
    ITA has committed to follow up with organizations that have been or 
wish to be removed from the Data Privacy Framework List. ITA will 
direct organizations that allow their self-certifications to lapse to 
verify whether they intend to re-certify or instead intend to withdraw. 
An organization that intends to re-certify will be required to further 
verify to the DOC that during the lapse of its certification status it 
applied the Principles to relevant personal data received in reliance 
on its participation in the Data Privacy Framework program and clarify 
what steps it will take to address the outstanding issues that have 
delayed its re-certification. An organization that intends to withdraw 
will be required to further verify to the DOC what it will do and/or 
has done (as applicable) with the relevant personal data that it 
received in reliance on its participation in the Data Privacy Framework 
program and who within the organization will serve as an ongoing point 
of contact for Principles-related questions. Organizations will be 
required to provide such verification to the DOC by completing and 
submitting appropriate questionnaires to the DOC.
    ITA has also committed to conduct compliance reviews on an ongoing 
basis, including, as appropriate, through sending detailed 
questionnaires to participating organizations. The DOC will require 
that a participating organization complete and submit to the DOC such a 
questionnaire when: (a) the DOC has received any specific, non-
frivolous complaints about the organization's compliance with the 
Principles; (b) the organization does not respond satisfactorily to 
inquiries by the DOC for information relating to the organization's 
adherence to the Principles; or (c) there is credible evidence that the 
organization does not comply with its commitments under the EU-U.S. DPF 
and, as applicable, the UK Extension to the EU-U.S. DPF, and/or the 
Swiss-U.S. DPF.
    Affected Public: Primarily businesses or other for-profit 
organizations.
    Frequency: Annual and periodic.
    Respondent's Obligation: Voluntary.
    Legal Authority: The DOC's statutory authority to foster, promote, 
and develop the foreign and domestic commerce of the United States (15 
U.S.C. 1512).
    This information collection request may be viewed at 
www.reginfo.gov. Follow the instructions to view the Department of 
Commerce collections currently under review by OMB.
    Written comments and recommendations for the proposed information 
collection should be submitted within 30 days of the publication of 
this notice on the following website www.reginfo.gov/public/do/PRAMain. 
Find this particular information collection by selecting ``Currently 
under 30-day Review--Open for Public Comments'' or by using the search 
function and entering the title of the collection.

Sheleen Dumas,
Department PRA Clearance Officer, Office of the Under Secretary for 
Economic Affairs, Commerce Department.
[FR Doc. 2023-12199 Filed 6-7-23; 8:45 am]
BILLING CODE 3510-DS-P
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.