The EU-U.S. and Swiss-U.S. Privacy Shield Frameworks were developed by the U.S. Department of Commerce in consultation with the European Commission and Swiss Government, and with industry and other stakeholders, to provide companies on both sides of the Atlantic with a valid legal mechanism to comply with data protection requirements when transferring personal data from the European Union (EU) and Switzerland to the United States in support of transatlantic commerce.
The Privacy Shield program administered by the U.S. Department of Commerce enables U.S.-based companies to join one or both of the Privacy Shield Frameworks in order to benefit from the adequacy determinations. To join either Privacy Shield Framework, a U.S.-based company will be required to self-certify to the Department of Commerce and publicly commit to comply with the Privacy Shield Principles, including the Supplemental Principles requirements. While joining Privacy Shield is voluntary, once an eligible company makes the public commitment to comply with the requirements, the commitment will become enforceable under U.S. law.
Approval of the EU-U.S. Privacy Shield Framework, which replaces the U.S.-EU Safe Harbor Framework, was announced on July 12, 2016. The Department began accepting EU-U.S. Privacy Shield self-certifications on August 1, 2016. Approval of the Swiss-U.S. Privacy Shield Framework, which replaces the U.S. Swiss Safe Harbor Framework, was announced on January 12, 2017. The Department began accepting EU-U.S. Privacy Shield self-certifications on August 1, 2016.
The Privacy Shield program administered by the U.S. Department of Commerce delivers a number of key benefits:
1. Enhanced Dispute Resolution systems with additional reporting criteria.
2. A US based Privacy Ombudsperson to handle complaints regarding data access by US Intelligence agencies.
3. Stricter controls on onward transfer of data once outside of the European Union and Switzerland.
4. Liability remaining with data controllers after the onward transfer of data to third-party agent.
5. The option for binding arbitration to handle unresolved complaints.
6. Increased co operation between the Department of Commerce and the European Commssion and the Swiss Federal Data Protection and Information Commissioner, including an annual review of the program when appropriate.
For more information view the EU-U.S. Privacy Shield Timeline
The PrivacyTrust Privacy Shield program is designed to assist companies self-cerifying to the U.S. Department of Commerce that they comply with the EU-U.S. Privacy Shield Framework and/or the Swiss-U.S. Privacy Shield Framework as set forth by the Department. The PrivacyTrust Privacy Shield program provides guidance prior to and during the self-certification application process, along with support afterwards. PrivacyTrust provides such companies with a dispute resolution service (independent recourse mechanism) and an outside compliance review (verification) service.
Related: See also GDPR