Revisions to the Fee Schedule for the Data Privacy Framework Program, 56289-56292 [2024-14983]
Download as PDF
<![CDATA[
Federal Register / Vol. 89, No. 131 / Tuesday, July 9, 2024 / Notices
lotter on DSK11XQN23PROD with NOTICES1
Closed Session
7. Discussion of matters determined to
be exempt from the open meeting and
public participation requirements found
in sections 1009(a)(1) and 1009(a)(3) of
the Federal Advisory Committee Act
(FACA) (5 U.S.C. 1001–1014). The
exemption is authorized by section
1009(d) of the FACA, which permits the
closure of advisory committee meetings,
or portions thereof, if the head of the
agency to which the advisory committee
reports determines such meetings may
be closed to the public in accordance
with subsection (c) of the Government
in the Sunshine Act (5 U.S.C. 552b(c)).
In this case, the applicable provisions of
5 U.S.C. 552b(c) are subsection
552b(c)(4), which permits closure to
protect trade secrets and commercial or
financial information that is privileged
or confidential, and subsection
552b(c)(9)(B), which permits closure to
protect information that would be likely
to significantly frustrate implementation
of a proposed agency action were it to
be disclosed prematurely. The closed
session of the meeting will involve
committee discussions and guidance
regarding U.S. Government strategies
and policies.
The open session will be accessible
via teleconference. To join the
conference, submit inquiries to Ms.
Yvette Springer at Yvette.Springer@
bis.doc.gov, no later than July 17, 2024.
A limited number of seats will be
available for members of the public to
attend the open session in person.
Reservations are not accepted.
Special Accommodations: Individuals
requiring special accommodations to
access the public meeting should
contact Ms. Yvette Springer no later
than Tuesday, July 17, 2024, so that
appropriate arrangements can be made.
To the extent time permits, members
of the public may present oral
statements to the Committee. The public
may submit written statements at any
time before or after the meeting.
However, to facilitate distribution of
materials to the Committee members,
the Committee suggests that members of
the public forward their materials prior
to the meeting to Ms. Springer via email.
Material submitted by the public will be
made public and therefore should not
contain confidential information.
Meeting materials from the public
session will be accessible via the
Technical Advisory Committee (TAC)
site at https://tac.bis.gov, within 30-days
after the meeting.
The Deputy Assistant Secretary for
Administration Performing the nonexclusive functions and duties of the
Chief Financial Officer, with the
VerDate Sep<11>2014
18:00 Jul 08, 2024
Jkt 262001
concurrence of the delegate of the
General Counsel, formally determined
on February 15, 2024, pursuant to 5
U.S.C. 1009(d)), that the portion of the
meeting dealing with pre-decisional
changes to the Commerce Control List
and the U.S. export control policies
shall be exempt from the provisions
relating to public meetings found in 5
U.S.C. 1009(a)(1) and 1009(a)(3). The
remaining portions of the meeting will
be open to the public.
Meeting cancellation: If the meeting is
cancelled, a cancellation notice will be
posted on the TAC website at https://
tac.bis.doc.gov.
For more information, contact Ms.
Springer via email.
Yvette Springer,
Committee Liaison Officer.
[FR Doc. 2024–15017 Filed 7–8–24; 8:45 am]
BILLING CODE 3510–JT–P
DEPARTMENT OF COMMERCE
International Trade Administration
[Docket No. 240702–0183]
Revisions to the Fee Schedule for the
Data Privacy Framework Program
International Trade
Administration, U.S. Department of
Commerce.
ACTION: Notice of revisions; request for
public comments.
AGENCY:
Consistent with the
guidelines in OMB Circular A–25, the
U.S. Department of Commerce’s
International Trade Administration
(ITA) is revising the fee schedule that
was last updated on April 12, 2017. This
notice revises the Privacy Shield
program fee schedule to reflect the
change in the name of the program from
the ‘‘Privacy Shield’’ program to the
‘‘Data Privacy Framework’’ program and
to amend the fees. This is to support the
operation of the EU–U.S. DPF, the UK
Extension to the EU–U.S. DPF, and the
Swiss-U.S. DPF (collectively, the DPF
program).
DATES: The revisions to the fee schedule
will become effective 30 days after the
final fee schedule is published.
Comments must be received by August
7th, 2024.
ADDRESSES: You may submit comments
by either of the following methods:
• Federal eRulemaking Portal at
www.Regulations.gov. The identification
number is ITA–2024–0001.
• Postal Mail/Commercial Delivery to
Isabella Carlton, Department of
Commerce, International Trade
Administration, Room 11018, 1401
SUMMARY:
PO 00000
Frm 00014
Fmt 4703
Sfmt 4703
56289
Constitution Avenue NW, Washington,
DC, and reference ‘‘Revisions to the Fee
Schedule for the Data Privacy
Framework Program’’ in the subject line.
Instructions: You must submit
comments by one of the above methods
to ensure that the comments are
received and considered. Comments
sent by any other method, to any other
address or individual, or received after
the end of the comment period, may not
be considered. All comments received
are a part of the public record and will
generally be posted to https://
www.regulations.gov without change.
All Personal Identifying Information
(e.g., name, address, etc.) voluntarily
submitted by the commenter may be
publicly accessible. Do not submit
Confidential Business Information or
otherwise sensitive or protected
information. ITA will accept
anonymous comments (enter ‘‘N/A’’ in
the required fields if you wish to remain
anonymous). Attachments to electronic
comments will be accepted in Microsoft
Word, Excel, or Adobe PDF file formats
only. Supporting documents and any
comments we receive on this docket
may be viewed at https://
www.regulations.gov/ (https://
www.regulations.gov/) ITA–2024–0001.
More information regarding the DPF
program can be found at https://
www.dataprivacyframework.gov/
Program-Overview.
FOR FURTHER INFORMATION CONTACT:
Requests for additional information
regarding the DPF program should be
directed to Isabella Carlton, Department
of Commerce, International Trade
Administration, Room 11018, 1401
Constitution Avenue NW, Washington,
DC, tel. (202) 482–1512 or via email at
dpf.program@trade.gov. Additional
information on ITA fees is available at
trade.gov/fees.
SUPPLEMENTARY INFORMATION:
Background
On July 17, 2023, the U.S. Department
of Commerce (DOC) launched the Data
Privacy Framework (DPF) program. The
EU–U.S. Data Privacy Framework (EU–
U.S. DPF), UK Extension to the EU–U.S.
DPF, and Swiss-U.S. Data Privacy
Framework (Swiss-U.S. DPF) were
respectively developed by the DOC and
the European Commission, UK
Government, and Swiss Federal
Administration to provide U.S.
organizations with reliable mechanisms
for personal data transfers to the United
States from the EU, UK, and
Switzerland while ensuring data
protection that is consistent with EU,
UK, and Swiss law. The EU–U.S. DPF
amends the privacy principles that
E:\FR\FM\09JYN1.SGM
09JYN1
lotter on DSK11XQN23PROD with NOTICES1
56290
Federal Register / Vol. 89, No. 131 / Tuesday, July 9, 2024 / Notices
organizations adhered to under the EU–
U.S. Privacy Shield Framework as the
‘‘EU–U.S. Data Privacy Framework
Principles’’ (EU–U.S. DPF Principles),
and the Swiss-U.S. DPF amends the
privacy principles that organizations
adhered to under the Swiss-U.S. Privacy
Shield Framework as the ‘‘Swiss-U.S.
Data Privacy Framework Principles’’
(Swiss-U.S. DPF Principles). For more
detailed information on the DPF
program, please see https://www.data
privacyframework.gov/ProgramOverview.
Consistent with the guidelines in
OMB Circular A–25, Federal agencies
are responsible for implementing cost
recovery program fees. The role of ITA
is to strengthen the competitiveness of
U.S. industry, promote trade and
investment, and ensure fair trade
through the rigorous enforcement of
U.S. trade laws and agreements. ITA
works to promote privacy policy
frameworks to facilitate the trusted flow
of data across borders with strong
privacy protections, which in turn
supports international trade.
The U.S., EU, UK, and Switzerland
share a commitment to enhancing
privacy protection, the rule of law, and
a recognition of the importance of
transatlantic data flows to our respective
citizens, economies, and societies, but
have different legal systems and take
different approaches to doing so. Given
those differences, the DOC developed
the EU–U.S. DPF, the UK Extension to
the EU–U.S. DPF, and the Swiss-U.S.
DPF in consultation with the European
Commission, the UK Government, the
Swiss Federal Administration, industry,
and other stakeholders. These
arrangements were respectively
developed to provide U.S. organizations
reliable mechanisms for personal data
transfers to the U.S. from the EU, UK,
and Switzerland that are consistent with
EU, UK, and Swiss law.
The DOC has issued the EU–U.S. DPF
Principles and the Swiss-U.S. DPF
Principles, including the respective sets
of Supplemental Principles
(collectively, the Principles) and Annex
I to the Principles, as well as the UK
Extension to the EU–U.S. DPF under its
statutory authority to foster, promote,
and develop international commerce (15
U.S.C. 1512).
To participate in the EU–U.S. DPF
and, as applicable, the UK Extension to
the EU–U.S. DPF, and/or the Swiss-U.S.
DPF an organization must: (1) be subject
to the investigatory and enforcement
powers of the Federal Trade
Commission (FTC), the Department of
Transportation (DOT), or another
statutory body that will effectively
ensure compliance with the Principles;
VerDate Sep<11>2014
18:00 Jul 08, 2024
Jkt 262001
(2) publicly declare its commitment to
comply with the Principles; (3) publicly
disclose its privacy policies in line with
the Principles; and (4) fully implement
the Principles.
While the decision by an organization
to self-certify its compliance and to
participate in the DPF is voluntary;
effective compliance is compulsory:
organizations that self-certify to the
DOC and publicly declare their
commitment to adhere to the Principles
must comply fully with the Principles.
Organizations that only wish to selfcertify their compliance pursuant to the
EU–U.S. DPF and/or the Swiss-U.S. DPF
may do so; however, organizations that
wish to participate in the UK Extension
to the EU–U.S. DPF must participate in
the EU–U.S. DPF. Such organizations’
commitment to comply with the
Principles with regard to transfers of
personal data from the EU and, as
applicable, the UK, and/or Switzerland
must be reflected in their selfcertification submissions to the DOC,
and in their privacy policies. An
organization’s failure to comply with
the Principles after its self-certification
is enforceable: (1) by the FTC under
Section 5 of the Federal Trade
Commission (FTC) Act prohibiting
unfair or deceptive acts in or affecting
commerce (15 U.S.C. 45); (2) by the DOT
under 49 U.S.C. 41712 prohibiting a
carrier or ticket agent from engaging in
an unfair or deceptive practice in air
transportation or the sale of air
transportation; or (3) under other laws
or regulations prohibiting such acts.
U.S. organizations considering selfcertifying their compliance pursuant to
the EU–U.S. DPF and, as applicable, the
UK Extension to the EU–U.S. DPF, and/
or the Swiss-U.S. DPF should review the
requirements in their entirety, including
the Principles and associated
documents available in full at
www.dataprivacyframework.gov.
Revisions to the Fee Schedule
ITA initially implemented a cost
recovery program to support the
operation of the EU–U.S. Privacy Shield
Framework and the Swiss-U.S. Privacy
Shield Frameworks (collectively, the
Privacy Shield program) and is revising
that fee schedule to support the
operation of the DPF program. The cost
recovery program will support the
administration and supervision of the
DPF program and support services
related to the DPF program, including
education and outreach. The revisions
to the fee schedule will become effective
30 days after the final fee schedule is
published.
The Cost Recovery Fee Schedule for
the EU–U.S. Privacy Shield Framework,
PO 00000
Frm 00015
Fmt 4703
Sfmt 4703
published September 30, 2016 (81 FR
67293), describes the fees implemented
by ITA to cover the administration and
supervision of the EU–U.S. Privacy
Shield Framework. The first amendment
to the Cost Recovery Fee Schedule for
the EU–U.S. Privacy Shield Framework,
published April 4, 2017 (82 FR 16375),
describes the additional fees
implemented by ITA to cover the
administration and supervision of the
Swiss-U.S. Privacy Shield Framework.
Under this revision to the fee schedule,
organizations that opt to self-certify only
for the EU–U.S. DPF, only the EU–U.S.
DPF and the UK Extension to the EU–
U.S. DPF, or only the Swiss-U.S. DPF
will pay a single fee when initially selfcertifying or re-certifying. Organizations
that opt to self-certify for an additional
framework will pay an additional 50
percent of that single fee when selfcertifying or re-certifying for the
additional framework, reflecting the
efficiency savings in administering the
DPF program for organizations that
participate in multiple parts of the DPF
program. As organizations that wish to
participate in the UK Extension to the
EU–U.S. DPF must participate in the
EU–U.S. DPF, the annual fee that such
organizations are required to pay to ITA
to participate in the EU–U.S. DPF
currently covers both the EU–U.S. DPF
and the UK Extension to the EU–U.S.
DPF.
These efficiency savings are
maximized if organizations self-certify
to multiple parts of the DPF program
simultaneously, reducing the required
staff time and resources for reviewing
materials.
In addition, organizations that
participate in the EU–U.S. DPF and, as
applicable, the UK Extension to the EU–
U.S. DPF and/or the Swiss-U.S. DPF
may adjust their annual re-certification
due date by re-certifying early (i.e.,
before the applicable due date) to the
relevant part(s) of the DPF program.
Although an organization may adjust
its annual re-certification due date by
re-certifying early, the re-certification
due date would apply to all parts of the
DPF program in which it participates
(i.e., re-certification to the relevant
part(s) of the DPF program is
synchronized). For example, if an
organization initially self-certified
exclusively to and was placed on the
Data Privacy Framework List with
regard to the EU–U.S. DPF, and then
several months later self-certified to and
was placed on the Data Privacy
Framework List with regard to the
Swiss-U.S. DPF, the organization’s next
re-certification to both of those parts of
the DPF program would be due by the
same date.
E:\FR\FM\09JYN1.SGM
09JYN1
56291
Federal Register / Vol. 89, No. 131 / Tuesday, July 9, 2024 / Notices
Additionally, a fixed annual fee of
$260 will be charged per applicable
framework for organizations that
withdraw from the relevant part(s) of
the DPF program, retain personal data
that they received in reliance on their
participation in the relevant part(s) of
the DPF program, continue to apply the
Principles to such data, and affirm to
ITA on an annual basis their
commitment to apply the Principles to
such data. This fee has been set to cover
staff costs for reviewing the ‘‘PostWithdrawal, Annual Affirmation
Questionnaire’’, which must be
submitted by organizations that have
chosen the aforementioned option when
withdrawing from the relevant part(s) of
the program, as well as the necessary
website infrastructure to facilitate
submission of the proper documents.
Additionally, this fee is set to be less
than any organization would be
required to pay for re-certification. The
fee schedule is set forth below:
REVISED ANNUAL FEE SCHEDULE FOR THE DPF PROGRAM
A single
framework
Organization’s annual revenue
Post-withdrawal, annual affirmation fee ..................................................................................................................
0 to 5 million ............................................................................................................................................................
Over 5 million to 25 million ......................................................................................................................................
Over 25 million to 500 million ..................................................................................................................................
Over 500 million to 5 billion .....................................................................................................................................
Over 5 billion ............................................................................................................................................................
For purposes of the annual fee
schedule described above:
• ‘‘A single framework’’ could refer to
any of the following: only the EU–U.S.
DPF; only the EU–U.S. DPF and the UK
Extension to the EU–U.S. DPF; or only
the Swiss-U.S. DPF.
• ‘‘Both frameworks’’ could refer to
any of the following: the EU–U.S. DPF,
the UK Extension to the EU–U.S. DPF,
and the Swiss-U.S. DPF; or only the EU–
U.S. DPF and the Swiss-U.S. DPF.
Organizations will have additional
direct costs associated with
participating in the DPF program. For
example, organizations must provide a
readily available independent recourse
mechanism to hear individual
complaints at no cost to the individual.
Furthermore, organizations are required
to make contributions in connection
with the arbitral model, as described in
Annex I to the Principles.
lotter on DSK11XQN23PROD with NOTICES1
Method for Determining Fees
ITA collects, retains, and expends
user fees pursuant to delegated
authority under the Mutual Educational
and Cultural Exchange Act as
authorized in its annual appropriations
acts. The EU–U.S. DPF, the UK
Extension to the EU–U.S. DPF, and the
Swiss-U.S. DPF were developed to
facilitate transatlantic commerce by
providing U.S. organizations with
reliable mechanisms for personal data
transfers to the United States from the
EU/European Economic Area, UK, and
Switzerland. The Data Privacy
Framework program operates in a way
that provides strong privacy protection
as well as a more effective and efficient
service to participants at a lower cost
than other options, including standard
contractual clauses or binding corporate
rules.
VerDate Sep<11>2014
18:00 Jul 08, 2024
Jkt 262001
Fees are set by taking into account the
operational costs borne by ITA to
administer and supervise the Data
Privacy Framework program. The DPF
program requires a significant
commitment of resources and staff.
These costs include broad programmatic
costs to run the program as well as costs
specific to EU–U.S. DPF, the UK
Extension to the EU–U.S. DPF, and the
Swiss-U.S. DPF. The DPF program
includes commitments from ITA to:
• Maintain, upgrade, and update a
DPF program website, including
maintaining the Data Privacy
Framework List (i.e., the authoritative
list of U.S. organizations that have selfcertified to the DOC, as represented by
ITA, and declared their commitment to
adhere to the Principles;
• Verify self-certification
requirements submitted by
organizations to participate in the DPF
program;
• Follow up with organizations that
have been removed from the Data
Privacy Framework List and ensure,
where applicable, that questionnaires
are correctly filed and processed;
• Search for and address false claims
of participation;
• Conduct periodic compliance
reviews and assessments of the program;
• Provide information regarding the
program to targeted audiences;
• Increase cooperation with European
data protection authorities;
• Facilitate resolution of complaints
about non-compliance;
• Hold periodic meetings with the
European Commission, the UK
government, the Swiss government, and
other authorities to review the program;
and
• Provide the EU, UK, and
Switzerland with updates on laws
relevant to the DPF program.
PO 00000
Frm 00016
Fmt 4703
Sfmt 4703
$260
260
750
1,600
4,130
5,530
Both
frameworks
$520
390
1,125
2,400
6,195
8,295
In setting these revised DPF program
fees, ITA determined that the services
provided offer special benefits to an
identifiable recipient beyond those that
accrue to the general public. ITA
calculated the actual cost of providing
its services in order to provide a basis
for setting each fee. This actual cost
incorporates direct and indirect costs,
including operations and maintenance,
overhead, and charges for the use of
capital facilities. ITA also took into
account additional factors, including
inflation, adequacy of cost recovery,
affordability, and costs associated with
alternative options available to U.S.
organizations for the receipt of personal
data from the EU, the UK, and
Switzerland. Furthermore, ITA
considered the cost-savings and
efficiencies gained in staff hours
through simultaneous review of selfcertifications for the EU–U.S. DPF, the
UK Extension to the EU–U.S. DPF, and
the Swiss-U.S. DPF. This analysis
balanced these cost savings with
projected expenses, including, but not
limited to, website development, further
negotiations with the EU, the UK, and
Switzerland, periodic reviews,
certification reviews, and facilitating
complaint resolutions.
ITA will continue to use the
established five-tiered fee schedule (see
82 FR 16375) that promoted
participation of small organizations in
the Privacy Shield program, while
amending the fees at each tier to
account for increased program
administration costs. A multiple-tiered
fee schedule allows ITA to offer
organizations with lower revenue a
lower fee. In setting the five tiers, ITA
considered, in conjunction with the
factors mentioned above: (1) the Small
Business Administration’s guidance on
E:\FR\FM\09JYN1.SGM
09JYN1
lotter on DSK11XQN23PROD with NOTICES1
56292
Federal Register / Vol. 89, No. 131 / Tuesday, July 9, 2024 / Notices
identifying small and medium
enterprises (SMEs) in various industries
most likely to participate in the DPF
program, such as computer services,
software and information services; (2)
the likelihood that small companies
would be expected to receive less
personal data and thereby use fewer
government resources; and (3) the
likelihood that companies with higher
revenue would have more customers
whose data they process, which would
use more government resources
dedicated to administering and
overseeing the DPF program. For
example, if a company holds more data,
it could reasonably produce more
questions and complaints from
consumers and European data
protection authorities (DPAs). ITA has
committed to facilitating the resolution
of individual complaints and to
communicating with the FTC and the
DPAs regarding consumer complaints.
Lastly, the fee increases between the
tiers are based in part on projected
program costs and estimated
participation levels among companies
within each tier.
As noted above, the revisions to the
fee schedule recoups the costs to ITA for
operating and maintaining the DPF
program. ITA has taken into account the
efficiencies and economies of scale
experienced when organizations
participate in multiple Frameworks by
providing a 50 percent discount off
adding another framework program and
requiring organizations to synchronize
their re-certifications. The added cost of
joining an additional framework
program reflects the additional expenses
incurred, including, but not limited to,
for communications with DPAs and
website infrastructure and development,
as well as the additional costs of
cooperating and communicating
separately with the EU, UK, and Swiss
representatives and governments.
The fee applied to organizations that
withdraw from relevant part(s) of the
DPF program, but that maintain data, is
meant to cover the programmatic costs
associated with ITA’s processing of such
organizations’ annual affirmation of
commitment to continue to apply the
Principles to the personal data they
received while participating in the
relevant part(s) of the DPF program. The
flat fee is based on the expectation that
government resources required to
process this annual affirmation will be
similar for all companies, regardless of
size.
Based on the information provided
above, ITA believes that the revised DPF
program cost recovery fee schedule is
consistent with the objective of OMB
Circular A–25 to ‘‘promote efficient
VerDate Sep<11>2014
18:00 Jul 08, 2024
Jkt 262001
allocation of the nation’s resources by
establishing charges for special benefits
provided to the recipient that are at least
as great as the cost to the U.S.
Government of providing the special
benefits . . .’’ (OMB Circular A–
25(5)(b)). ITA is providing the public
with the opportunity to comment on the
revisions to the fee schedule. ITA will
then review all comments and publish
the final fee schedule 30 days before the
final fee schedule becomes effective.
ITA administers and supervises the DPF
program, including maintaining and
making publicly available the Data
Privacy Framework List, an
authoritative list of U.S. organizations
that have self-certified to the DOC and
declared their commitment to adhere to
the Principles pursuant to the EU–U.S.
DPF and, as applicable, the UK
Extension to the EU–U.S. DPF, and/or
the Swiss-U.S. DPF.
Paperwork Reduction Act
In accordance with the Paperwork
Reduction Act of 1995 (PRA), ITA
published proposed information
collection as described in the EU–U.S.
DPF, the UK Extension to the EU–U.S.
DPF, and the Swiss–U.S. DPF for public
notice and comment (88 FR 19067 and
88 FR 37509). The approved OMB
Control Number for that information
collection is 0625–0280 (expires 07/31/
2026). That approval allows ITA to
collect information from organizations
in the United States, including
information concerning their annual
revenue, to enable such organizations to
self-certify to the DOC. Such
information collection is critical to
ITA’s administration and supervision of
the DPF program, including its
maintenance of the authoritative, public
list of U.S. organizations that have selfcertified to the DOC and declared their
commitment to adhere to the Principles.
The instant revisions to the DPF
program cost recovery fee schedule do
not impose any new information
collection request (ICR) requirements or
revise the current approved burden
hours and administrative costs
associated with the self-certification
process under the approved OMB
Control Number.
Dated: July 2, 2024.
Neema Guliani,
Deputy Assistant Secretary for Service,
Industry & Analysis, International Trade
Administration, U.S. Department of
Commerce.
[FR Doc. 2024–14983 Filed 7–8–24; 8:45 am]
BILLING CODE 3510–DR–P
PO 00000
Frm 00017
Fmt 4703
Sfmt 4703
DEPARTMENT OF COMMERCE
International Trade Administration
[A–533–889]
Certain Quartz Surface Products From
India: Preliminary Results and
Rescission, in Part, of Antidumping
Duty Administrative Review; 2022–
2023
Enforcement and Compliance,
International Trade Administration,
Department of Commerce.
SUMMARY: The U.S. Department of
Commerce (Commerce) preliminarily
determines that certain quartz surface
products (quartz surface products) from
India are not being sold in the United
States at below normal value during the
period of review (POR), June 1, 2022,
through May 31, 2023. Additionally,
Commerce is rescinding this
administrative review with respect to
certain companies. We invite interested
parties to comment on these preliminary
results.
DATES: Applicable July 9, 2024.
FOR FURTHER INFORMATION CONTACT:
Laurel LaCivita or Anjali Mehindiratta,
AD/CVD Operations, Office III,
Enforcement and Compliance,
International Trade Administration,
U.S. Department of Commerce, 1401
Constitution Avenue NW, Washington,
DC 20230; telephone: (202) 482–4243 or
(202) 482–9127, respectively.
SUPPLEMENTARY INFORMATION:
AGENCY:
Background
On June 22, 2020, Commerce
published the antidumping duty order
on quartz surface products from India.1
On June 1, 2023, we published in the
Federal Register a notice of opportunity
to request an administrative review of
the Order.2 On August 3, 2023, pursuant
to section 751(a)(1) of the Tariff Act of
1930, as amended (the Act), Commerce
initiated an administrative review of the
Order covering 77 entities.3 On
February 6, 2024, Commerce extended
the deadline for the preliminary results
until June 28, 2024.4
For a complete description of the
events that followed the initiation of
1 See Certain Quartz Surface Products from India
and Turkey: Antidumping Duty Orders, 85 FR
37422 (June 22, 2020) (Order).
2 See Antidumping or Countervailing Duty Order,
Finding, or Suspended Investigation; Opportunity
to Request Administrative Review and Join Annual
Inquiry Service List, 88 FR 35835 (June 1, 2023).
3 See Initiation of Antidumping and
Countervailing Duty Administrative Reviews, 88 FR
51271 (August 3, 2023) (Initiation Notice).
4 See Memorandum, ‘‘Extension of Deadline for
Preliminary Results of Antidumping Duty
Administrative Review,’’ dated February 6, 2024.
E:\FR\FM\09JYN1.SGM
09JYN1
]]>Agencies
[Federal Register Volume 89, Number 131 (Tuesday, July 9, 2024)]
[Notices]
[Pages 56289-56292]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2024-14983]
-----------------------------------------------------------------------
DEPARTMENT OF COMMERCE
International Trade Administration
[Docket No. 240702-0183]
Revisions to the Fee Schedule for the Data Privacy Framework
Program
AGENCY: International Trade Administration, U.S. Department of
Commerce.
ACTION: Notice of revisions; request for public comments.
-----------------------------------------------------------------------
SUMMARY: Consistent with the guidelines in OMB Circular A-25, the U.S.
Department of Commerce's International Trade Administration (ITA) is
revising the fee schedule that was last updated on April 12, 2017. This
notice revises the Privacy Shield program fee schedule to reflect the
change in the name of the program from the ``Privacy Shield'' program
to the ``Data Privacy Framework'' program and to amend the fees. This
is to support the operation of the EU-U.S. DPF, the UK Extension to the
EU-U.S. DPF, and the Swiss-U.S. DPF (collectively, the DPF program).
DATES: The revisions to the fee schedule will become effective 30 days
after the final fee schedule is published. Comments must be received by
August 7th, 2024.
ADDRESSES: You may submit comments by either of the following methods:
Federal eRulemaking Portal at www.Regulations.gov. The
identification number is ITA-2024-0001.
Postal Mail/Commercial Delivery to Isabella Carlton,
Department of Commerce, International Trade Administration, Room 11018,
1401 Constitution Avenue NW, Washington, DC, and reference ``Revisions
to the Fee Schedule for the Data Privacy Framework Program'' in the
subject line.
Instructions: You must submit comments by one of the above methods
to ensure that the comments are received and considered. Comments sent
by any other method, to any other address or individual, or received
after the end of the comment period, may not be considered. All
comments received are a part of the public record and will generally be
posted to https://www.regulations.gov without change. All Personal
Identifying Information (e.g., name, address, etc.) voluntarily
submitted by the commenter may be publicly accessible. Do not submit
Confidential Business Information or otherwise sensitive or protected
information. ITA will accept anonymous comments (enter ``N/A'' in the
required fields if you wish to remain anonymous). Attachments to
electronic comments will be accepted in Microsoft Word, Excel, or Adobe
PDF file formats only. Supporting documents and any comments we receive
on this docket may be viewed at https://www.regulations.gov/ (https://www.regulations.gov/) ITA-2024-0001.
More information regarding the DPF program can be found at https://www.dataprivacyframework.gov/Program-Overview.
FOR FURTHER INFORMATION CONTACT: Requests for additional information
regarding the DPF program should be directed to Isabella Carlton,
Department of Commerce, International Trade Administration, Room 11018,
1401 Constitution Avenue NW, Washington, DC, tel. (202) 482-1512 or via
email at [email protected]. Additional information on ITA fees is
available at trade.gov/fees.
SUPPLEMENTARY INFORMATION:
Background
On July 17, 2023, the U.S. Department of Commerce (DOC) launched
the Data Privacy Framework (DPF) program. The EU-U.S. Data Privacy
Framework (EU-U.S. DPF), UK Extension to the EU-U.S. DPF, and Swiss-
U.S. Data Privacy Framework (Swiss-U.S. DPF) were respectively
developed by the DOC and the European Commission, UK Government, and
Swiss Federal Administration to provide U.S. organizations with
reliable mechanisms for personal data transfers to the United States
from the EU, UK, and Switzerland while ensuring data protection that is
consistent with EU, UK, and Swiss law. The EU-U.S. DPF amends the
privacy principles that
[[Page 56290]]
organizations adhered to under the EU-U.S. Privacy Shield Framework as
the ``EU-U.S. Data Privacy Framework Principles'' (EU-U.S. DPF
Principles), and the Swiss-U.S. DPF amends the privacy principles that
organizations adhered to under the Swiss-U.S. Privacy Shield Framework
as the ``Swiss-U.S. Data Privacy Framework Principles'' (Swiss-U.S. DPF
Principles). For more detailed information on the DPF program, please
see https://www.dataprivacyframework.gov/Program-Overview.
Consistent with the guidelines in OMB Circular A-25, Federal
agencies are responsible for implementing cost recovery program fees.
The role of ITA is to strengthen the competitiveness of U.S. industry,
promote trade and investment, and ensure fair trade through the
rigorous enforcement of U.S. trade laws and agreements. ITA works to
promote privacy policy frameworks to facilitate the trusted flow of
data across borders with strong privacy protections, which in turn
supports international trade.
The U.S., EU, UK, and Switzerland share a commitment to enhancing
privacy protection, the rule of law, and a recognition of the
importance of transatlantic data flows to our respective citizens,
economies, and societies, but have different legal systems and take
different approaches to doing so. Given those differences, the DOC
developed the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the
Swiss-U.S. DPF in consultation with the European Commission, the UK
Government, the Swiss Federal Administration, industry, and other
stakeholders. These arrangements were respectively developed to provide
U.S. organizations reliable mechanisms for personal data transfers to
the U.S. from the EU, UK, and Switzerland that are consistent with EU,
UK, and Swiss law.
The DOC has issued the EU-U.S. DPF Principles and the Swiss-U.S.
DPF Principles, including the respective sets of Supplemental
Principles (collectively, the Principles) and Annex I to the
Principles, as well as the UK Extension to the EU-U.S. DPF under its
statutory authority to foster, promote, and develop international
commerce (15 U.S.C. 1512).
To participate in the EU-U.S. DPF and, as applicable, the UK
Extension to the EU-U.S. DPF, and/or the Swiss-U.S. DPF an organization
must: (1) be subject to the investigatory and enforcement powers of the
Federal Trade Commission (FTC), the Department of Transportation (DOT),
or another statutory body that will effectively ensure compliance with
the Principles; (2) publicly declare its commitment to comply with the
Principles; (3) publicly disclose its privacy policies in line with the
Principles; and (4) fully implement the Principles.
While the decision by an organization to self-certify its
compliance and to participate in the DPF is voluntary; effective
compliance is compulsory: organizations that self-certify to the DOC
and publicly declare their commitment to adhere to the Principles must
comply fully with the Principles. Organizations that only wish to self-
certify their compliance pursuant to the EU-U.S. DPF and/or the Swiss-
U.S. DPF may do so; however, organizations that wish to participate in
the UK Extension to the EU-U.S. DPF must participate in the EU-U.S.
DPF. Such organizations' commitment to comply with the Principles with
regard to transfers of personal data from the EU and, as applicable,
the UK, and/or Switzerland must be reflected in their self-
certification submissions to the DOC, and in their privacy policies. An
organization's failure to comply with the Principles after its self-
certification is enforceable: (1) by the FTC under Section 5 of the
Federal Trade Commission (FTC) Act prohibiting unfair or deceptive acts
in or affecting commerce (15 U.S.C. 45); (2) by the DOT under 49 U.S.C.
41712 prohibiting a carrier or ticket agent from engaging in an unfair
or deceptive practice in air transportation or the sale of air
transportation; or (3) under other laws or regulations prohibiting such
acts.
U.S. organizations considering self-certifying their compliance
pursuant to the EU-U.S. DPF and, as applicable, the UK Extension to the
EU-U.S. DPF, and/or the Swiss-U.S. DPF should review the requirements
in their entirety, including the Principles and associated documents
available in full at www.dataprivacyframework.gov.
Revisions to the Fee Schedule
ITA initially implemented a cost recovery program to support the
operation of the EU-U.S. Privacy Shield Framework and the Swiss-U.S.
Privacy Shield Frameworks (collectively, the Privacy Shield program)
and is revising that fee schedule to support the operation of the DPF
program. The cost recovery program will support the administration and
supervision of the DPF program and support services related to the DPF
program, including education and outreach. The revisions to the fee
schedule will become effective 30 days after the final fee schedule is
published.
The Cost Recovery Fee Schedule for the EU-U.S. Privacy Shield
Framework, published September 30, 2016 (81 FR 67293), describes the
fees implemented by ITA to cover the administration and supervision of
the EU-U.S. Privacy Shield Framework. The first amendment to the Cost
Recovery Fee Schedule for the EU-U.S. Privacy Shield Framework,
published April 4, 2017 (82 FR 16375), describes the additional fees
implemented by ITA to cover the administration and supervision of the
Swiss-U.S. Privacy Shield Framework. Under this revision to the fee
schedule, organizations that opt to self-certify only for the EU-U.S.
DPF, only the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, or
only the Swiss-U.S. DPF will pay a single fee when initially self-
certifying or re-certifying. Organizations that opt to self-certify for
an additional framework will pay an additional 50 percent of that
single fee when self-certifying or re-certifying for the additional
framework, reflecting the efficiency savings in administering the DPF
program for organizations that participate in multiple parts of the DPF
program. As organizations that wish to participate in the UK Extension
to the EU-U.S. DPF must participate in the EU-U.S. DPF, the annual fee
that such organizations are required to pay to ITA to participate in
the EU-U.S. DPF currently covers both the EU-U.S. DPF and the UK
Extension to the EU-U.S. DPF.
These efficiency savings are maximized if organizations self-
certify to multiple parts of the DPF program simultaneously, reducing
the required staff time and resources for reviewing materials.
In addition, organizations that participate in the EU-U.S. DPF and,
as applicable, the UK Extension to the EU-U.S. DPF and/or the Swiss-
U.S. DPF may adjust their annual re-certification due date by re-
certifying early (i.e., before the applicable due date) to the relevant
part(s) of the DPF program.
Although an organization may adjust its annual re-certification due
date by re-certifying early, the re-certification due date would apply
to all parts of the DPF program in which it participates (i.e., re-
certification to the relevant part(s) of the DPF program is
synchronized). For example, if an organization initially self-certified
exclusively to and was placed on the Data Privacy Framework List with
regard to the EU-U.S. DPF, and then several months later self-certified
to and was placed on the Data Privacy Framework List with regard to the
Swiss-U.S. DPF, the organization's next re-certification to both of
those parts of the DPF program would be due by the same date.
[[Page 56291]]
Additionally, a fixed annual fee of $260 will be charged per
applicable framework for organizations that withdraw from the relevant
part(s) of the DPF program, retain personal data that they received in
reliance on their participation in the relevant part(s) of the DPF
program, continue to apply the Principles to such data, and affirm to
ITA on an annual basis their commitment to apply the Principles to such
data. This fee has been set to cover staff costs for reviewing the
``Post-Withdrawal, Annual Affirmation Questionnaire'', which must be
submitted by organizations that have chosen the aforementioned option
when withdrawing from the relevant part(s) of the program, as well as
the necessary website infrastructure to facilitate submission of the
proper documents. Additionally, this fee is set to be less than any
organization would be required to pay for re-certification. The fee
schedule is set forth below:
Revised Annual Fee Schedule for the DPF Program
------------------------------------------------------------------------
A single Both
Organization's annual revenue framework frameworks
------------------------------------------------------------------------
Post-withdrawal, annual affirmation fee. $260 $520
0 to 5 million.......................... 260 390
Over 5 million to 25 million............ 750 1,125
Over 25 million to 500 million.......... 1,600 2,400
Over 500 million to 5 billion........... 4,130 6,195
Over 5 billion.......................... 5,530 8,295
------------------------------------------------------------------------
For purposes of the annual fee schedule described above:
``A single framework'' could refer to any of the
following: only the EU-U.S. DPF; only the EU-U.S. DPF and the UK
Extension to the EU-U.S. DPF; or only the Swiss-U.S. DPF.
``Both frameworks'' could refer to any of the following:
the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-
U.S. DPF; or only the EU-U.S. DPF and the Swiss-U.S. DPF.
Organizations will have additional direct costs associated with
participating in the DPF program. For example, organizations must
provide a readily available independent recourse mechanism to hear
individual complaints at no cost to the individual. Furthermore,
organizations are required to make contributions in connection with the
arbitral model, as described in Annex I to the Principles.
Method for Determining Fees
ITA collects, retains, and expends user fees pursuant to delegated
authority under the Mutual Educational and Cultural Exchange Act as
authorized in its annual appropriations acts. The EU-U.S. DPF, the UK
Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF were developed to
facilitate transatlantic commerce by providing U.S. organizations with
reliable mechanisms for personal data transfers to the United States
from the EU/European Economic Area, UK, and Switzerland. The Data
Privacy Framework program operates in a way that provides strong
privacy protection as well as a more effective and efficient service to
participants at a lower cost than other options, including standard
contractual clauses or binding corporate rules.
Fees are set by taking into account the operational costs borne by
ITA to administer and supervise the Data Privacy Framework program. The
DPF program requires a significant commitment of resources and staff.
These costs include broad programmatic costs to run the program as well
as costs specific to EU-U.S. DPF, the UK Extension to the EU-U.S. DPF,
and the Swiss-U.S. DPF. The DPF program includes commitments from ITA
to:
Maintain, upgrade, and update a DPF program website,
including maintaining the Data Privacy Framework List (i.e., the
authoritative list of U.S. organizations that have self-certified to
the DOC, as represented by ITA, and declared their commitment to adhere
to the Principles;
Verify self-certification requirements submitted by
organizations to participate in the DPF program;
Follow up with organizations that have been removed from
the Data Privacy Framework List and ensure, where applicable, that
questionnaires are correctly filed and processed;
Search for and address false claims of participation;
Conduct periodic compliance reviews and assessments of the
program;
Provide information regarding the program to targeted
audiences;
Increase cooperation with European data protection
authorities;
Facilitate resolution of complaints about non-compliance;
Hold periodic meetings with the European Commission, the
UK government, the Swiss government, and other authorities to review
the program; and
Provide the EU, UK, and Switzerland with updates on laws
relevant to the DPF program.
In setting these revised DPF program fees, ITA determined that the
services provided offer special benefits to an identifiable recipient
beyond those that accrue to the general public. ITA calculated the
actual cost of providing its services in order to provide a basis for
setting each fee. This actual cost incorporates direct and indirect
costs, including operations and maintenance, overhead, and charges for
the use of capital facilities. ITA also took into account additional
factors, including inflation, adequacy of cost recovery, affordability,
and costs associated with alternative options available to U.S.
organizations for the receipt of personal data from the EU, the UK, and
Switzerland. Furthermore, ITA considered the cost-savings and
efficiencies gained in staff hours through simultaneous review of self-
certifications for the EU-U.S. DPF, the UK Extension to the EU-U.S.
DPF, and the Swiss-U.S. DPF. This analysis balanced these cost savings
with projected expenses, including, but not limited to, website
development, further negotiations with the EU, the UK, and Switzerland,
periodic reviews, certification reviews, and facilitating complaint
resolutions.
ITA will continue to use the established five-tiered fee schedule
(see 82 FR 16375) that promoted participation of small organizations in
the Privacy Shield program, while amending the fees at each tier to
account for increased program administration costs. A multiple-tiered
fee schedule allows ITA to offer organizations with lower revenue a
lower fee. In setting the five tiers, ITA considered, in conjunction
with the factors mentioned above: (1) the Small Business
Administration's guidance on
[[Page 56292]]
identifying small and medium enterprises (SMEs) in various industries
most likely to participate in the DPF program, such as computer
services, software and information services; (2) the likelihood that
small companies would be expected to receive less personal data and
thereby use fewer government resources; and (3) the likelihood that
companies with higher revenue would have more customers whose data they
process, which would use more government resources dedicated to
administering and overseeing the DPF program. For example, if a company
holds more data, it could reasonably produce more questions and
complaints from consumers and European data protection authorities
(DPAs). ITA has committed to facilitating the resolution of individual
complaints and to communicating with the FTC and the DPAs regarding
consumer complaints. Lastly, the fee increases between the tiers are
based in part on projected program costs and estimated participation
levels among companies within each tier.
As noted above, the revisions to the fee schedule recoups the costs
to ITA for operating and maintaining the DPF program. ITA has taken
into account the efficiencies and economies of scale experienced when
organizations participate in multiple Frameworks by providing a 50
percent discount off adding another framework program and requiring
organizations to synchronize their re-certifications. The added cost of
joining an additional framework program reflects the additional
expenses incurred, including, but not limited to, for communications
with DPAs and website infrastructure and development, as well as the
additional costs of cooperating and communicating separately with the
EU, UK, and Swiss representatives and governments.
The fee applied to organizations that withdraw from relevant
part(s) of the DPF program, but that maintain data, is meant to cover
the programmatic costs associated with ITA's processing of such
organizations' annual affirmation of commitment to continue to apply
the Principles to the personal data they received while participating
in the relevant part(s) of the DPF program. The flat fee is based on
the expectation that government resources required to process this
annual affirmation will be similar for all companies, regardless of
size.
Based on the information provided above, ITA believes that the
revised DPF program cost recovery fee schedule is consistent with the
objective of OMB Circular A-25 to ``promote efficient allocation of the
nation's resources by establishing charges for special benefits
provided to the recipient that are at least as great as the cost to the
U.S. Government of providing the special benefits . . .'' (OMB Circular
A-25(5)(b)). ITA is providing the public with the opportunity to
comment on the revisions to the fee schedule. ITA will then review all
comments and publish the final fee schedule 30 days before the final
fee schedule becomes effective. ITA administers and supervises the DPF
program, including maintaining and making publicly available the Data
Privacy Framework List, an authoritative list of U.S. organizations
that have self-certified to the DOC and declared their commitment to
adhere to the Principles pursuant to the EU-U.S. DPF and, as
applicable, the UK Extension to the EU-U.S. DPF, and/or the Swiss-U.S.
DPF.
Paperwork Reduction Act
In accordance with the Paperwork Reduction Act of 1995 (PRA), ITA
published proposed information collection as described in the EU-U.S.
DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF for
public notice and comment (88 FR 19067 and 88 FR 37509). The approved
OMB Control Number for that information collection is 0625-0280
(expires 07/31/2026). That approval allows ITA to collect information
from organizations in the United States, including information
concerning their annual revenue, to enable such organizations to self-
certify to the DOC. Such information collection is critical to ITA's
administration and supervision of the DPF program, including its
maintenance of the authoritative, public list of U.S. organizations
that have self-certified to the DOC and declared their commitment to
adhere to the Principles. The instant revisions to the DPF program cost
recovery fee schedule do not impose any new information collection
request (ICR) requirements or revise the current approved burden hours
and administrative costs associated with the self-certification process
under the approved OMB Control Number.
Dated: July 2, 2024.
Neema Guliani,
Deputy Assistant Secretary for Service, Industry & Analysis,
International Trade Administration, U.S. Department of Commerce.
[FR Doc. 2024-14983 Filed 7-8-24; 8:45 am]
BILLING CODE 3510-DR-P
