The EU-US Privacy Shield scheme became operational on 1 August 2016 after the European Commission issued its formal decision that the Privacy Shield provides adequate protection to allow personal data to be transferred to the United States.

The EU-U.S. Privacy Shield imposes stronger obligations on U.S. companies to protect Europeans’ personal data. The Privacy Shield requires the U.S. to monitor and enforce more robustly, and cooperate more with European Data Protection Authorities. It includes written commitments and assurance regarding access to data by public authorities.

The Department of Commerce in the US, which will oversee certification under the scheme, has launched a dedicated website that offers advice. It is important to remember that if the company you want to transfer data to is not certified, the protections of the Privacy Shield won’t apply.

You can contact the ICO about the Privacy Shield by emailing privacyshield@ico.org.uk.

If you have a concern about the way your data has been handled when it was transferred to the United States using the Privacy Shield, there are specific redress mechanisms for individuals.

Please do not send electronic copies of documents containing your personal data. Please contact privacyshield@ico.org.uk about submitting your verification documents.