01 Mar 2016 - 15 Jul 2022
OCTDECMAY
27
201520162018
COMMERCE.GOV
Fact Sheet: Overview of the EU-U.S. Privacy Shield Framework
Feb
29
2016
Data
Trade and Investment
Digital Economy
EU-U.S. Privacy Shield
Posted at 2:18 PM
FACT SHEET
Monday, February 29, 2016
Office of Public Affairs
202-482-4883
publicaffairs@doc.gov
Download PDF version of fact sheet
The EU-U.S. Privacy Shield Framework was designed by the U.S. Department of Commerce and European Commission to provide companies on both sides of the Atlantic with a mechanism to comply with EU data protection requirements when transferring personal data from the European Union to the United States in support of transatlantic commerce.
The Privacy Shield Framework provides a set of robust and enforceable protections for the personal data of EU individuals. The Framework provides transparency regarding how participating companies use personal data, strong U.S. government oversight, and increased cooperation with EU data protection authorities (DPAs). The Privacy Shield Framework offers EU individuals access to multiple avenues to address any concerns regarding participants’ compliance with the Framework, including free dispute resolution. The Framework ensures a continuing level of protection consistent with Privacy Shield Principles when personal data collected under the Framework is transferred to third parties.  The Framework also makes it easier for EU individuals to understand and exercise their rights.
The European Commission has proposed that the Privacy Shield Framework be deemed adequate to enable data transfers under EU law, a proposal that is now in the approval process. Once an adequacy determination is in place, the Department of Commerce will begin accepting certifications under the Framework. 
To join the Privacy Shield Framework, a U.S.-based company will be required to self-certify to the Department of Commerce and publicly commit to comply with the Framework’s requirements. While joining the Privacy Shield Framework will be voluntary, once an eligible company makes the public commitment to comply with the Framework’s requirements, the commitment will become enforceable under U.S. law.  All companies interested in joining the Privacy Shield Framework should review its requirements in their entirety. To assist in that effort, key new elements are outlined here.
EU-U.S. Privacy Shield Framework
EU individuals’ rights and legal remedies:
Program oversight and cooperation with EU DPAs:
Key new requirements for participating companies:
Informing individuals about data processing
Maintaining data integrity and purpose limitation
Privacy Shield participants must limit personal information to the information relevant for the purposes of processing.
Ensuring accountability for data transferred to third parties
To transfer personal information to a third party acting as a controller, a Privacy Shield participant must:
To transfer personal data to a third party acting as an agent, a Privacy Shield participant must:
Cooperating with the Department of Commerce
Privacy Shield participants must respond promptly to inquiries and requests by the Department of Commerce for information relating to the Privacy Shield Framework.
Transparency related to enforcement actions
Privacy Shield participants must make public any relevant Privacy Shield-related sections of any compliance or assessment report submitted to the FTC if the organization becomes subject to an FTC or court order based on non-compliance.
Ensuring commitments are kept as long as data is held
If an organization leaves the Privacy Shield Framework, it must annually certify its commitment to apply the Principles to information received under the Privacy Shield Framework if it chooses to keep such data or provide “adequate” protection for the information by another authorized means.
Demonstration of limitations and safeguards on national security and law enforcement access to data:
AttachmentSize
eu-us_privacy_shield_fact_sheet.pdf345.25 KB
Related Content
Feb
29
2016
Statement from U.S. Secretary of Commerce Penny Pritzker on Release of EU-U.S. Privacy Shield Text
Today, the full text of the EU-U.S. Privacy Shield framework is publicly available. U.S. Secretary of Commerce Penny Pritzker made the following statement surrounding the...
EU-U.S. Privacy Shield
Type of Tool or Resource: 
‎The Privacy Shield Framework provides a set of robust and enforceable protections for the personal data of EU individuals. This page includes related statements and fact...
Last updated: 2016-05-19 14:23
BUREAUS & OFFICES
Search by organization name or browse the tree below
Department of Commerce (DOC)
Bureau of Economic Analysis (BEA)
Bureau of Industry and Security (BIS)
U.S. Census Bureau (Census)
Economic Development Administration (EDA)
Economics and Statistics Administration (ESA)
International Trade Administration (ITA)
Minority Business Development Agency (MBDA)
National Institute of Standards and Technology(NIST)
National Oceanic and Atmospheric Administration(NOAA)
National Technical Information Service (NTIS)
National Telecommunications and Information Administration (NTIA)
United States Patent and Trademark Office(USPTO)
Office of the Secretary (OS)
LEARN ABOUT COMMERCE
About Commerce
Organizational Chart
Commerce Leadership
Bureaus and Offices
Commerce Services & Offices Near You
Grant and Contract Opportunities
Career Opportunities and Internships
Commerce History
Frequently Asked Questions
Contact Us
BROWSE BY TOPIC
FIND OFFICES
EXPLORE DATA
Data Set Catalog
Commerce Data Service
Data Usability Tutorials
Information for Developers
Digital Strategy
GET NEWS
Press Releases
The Commerce Blog
Secretary Speeches
Deputy Secretary Speeches
Opinion Editorials
Fact Sheets
Media Contacts
VIEW PHOTOS & VIDEOS
Photos
Videos
Galleries
PROVIDE FEEDBACK
AGENCY FINANCIAL REPORT
COMMENT POLICY
COMMERCE ARCHIVE
EEO POLICY
FOIA
GOBIERNOUSA.GOV
IMPROPER PAYMENTS
INFORMATION QUALITY
INSPECTOR GENERAL
NO FEAR ACT
PLAIN LANGUAGE
PRIVACY POLICY
USA.GOV
WHISTLEBLOWER PROTECTION
WHITEHOUSE.GOV
Home