The EU-US Privacy Shield scheme became operational on 1 August 2016 after the European Commission issued its formal decision that the Privacy Shield provides adequate protection to allow personal data to be transferred to the United States.
The EU-U.S. Privacy Shield imposes stronger obligations on U.S. companies to protect Europeans’ personal data. The Privacy Shield requires the U.S. to monitor and enforce more robustly, and cooperate more with European Data Protection Authorities. It includes written commitments and assurance regarding access to data by public authorities.
The Department of Commerce in the US, which will oversee certification under the scheme, has launched a dedicated website that offers advice. It is important to remember that if the company you want to transfer data to is not certified, the protections of the Privacy Shield won’t apply.
You can contact the ICO about the Privacy Shield by emailing firstname.lastname@example.org.
If you have a concern about the way your data has been handled when it was transferred to the United States using the Privacy Shield, there are specific redress mechanisms for individuals.
- Directly with the company: Companies must reply to complaints from individuals within 45 days.
- Complaint form for submitting commercial related complaints to the ICO.
Rules of Procedure for Informal DPA panel
- Form for submission of requests to the U.S Ombudsperson via the ICO.
Rules of Procedure for EU Centralised Body