The UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

The judgment in the Schrems II case issued by the European Court of Justice on Thursday 16 July 2020 found that Privacy Shield is no longer a valid way to transfer personal data outside of the EEA. For more information please read our latest statement

If you have any specific questions please call our helpline on 0303 123 1113.


If you have any specific questions please call our helpline on 0303 123 1113.

The EU-US Privacy Shield scheme became operational on 1 August 2016 after the European Commission issued its formal decision that the Privacy Shield provides adequate protection to allow personal data to be transferred to the United States.

The EU-U.S. Privacy Shield imposes stronger obligations on U.S. companies to protect Europeans’ personal data. The Privacy Shield requires the U.S. to monitor and enforce more robustly, and cooperate more with European Data Protection Authorities. It includes written commitments and assurance regarding access to data by public authorities.

The Department of Commerce in the US, which will oversee certification under the scheme, has launched a dedicated website that offers advice. It is important to remember that if the company you want to transfer data to is not certified, the protections of the Privacy Shield won’t apply.

You can contact the ICO about the Privacy Shield by emailing

If you have a concern about the way your data has been handled when it was transferred to the United States using the Privacy Shield, there are specific redress mechanisms for individuals.

Please do not send electronic copies of documents containing your personal data. Please contact about submitting your verification documents.


For information about what we do with personal data see our privacy notice.