The EU-U.S. and Swiss-U.S. Privacy Shield Frameworks were designed by the U.S. Department of Commerce, and the European Commission and Swiss Administration, respectively, to provide companies on both sides of the Atlantic with a mechanism to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States in support of transatlantic commerce.
On July 12, 2016, the European Commission deemed the EU-U.S. Privacy Shield Framework adequate to enable data transfers under EU law. On January 12, 2017, the Swiss Government announced the approval of the Swiss-U.S. Privacy Shield Framework as a valid legal mechanism to comply with Swiss requirements when transferring personal data from Switzerland to the United States.
For information on the adequacy determinations or to see the statements from the Swiss Federal Council and Swiss Federal Data Protection and Information Commissioner visit the Department of Commerce’s website at https://www.privacyshield.gov/Program-Overview where the related links are highlighted.
The U.S.-EU and U.S.-Swiss Safe Harbor Frameworks are no longer legally recognized as adequate under EU and Swiss law for transferring personal data from the European Union and Switzerland to the United States.
The Privacy Shield program, which is administered by the International Trade Administration (ITA) within the U.S. Department of Commerce, enables U.S.-based organizations to join the Privacy Shield Framework in order to benefit from the adequacy determination. To join either Privacy Shield Framework, a U.S.-based organization will be required to self-certify to the Department of Commerce (via the DOC’s website at https://www.privacyshield.gov/Program-Overview) and publicly commit to comply with the Framework’s requirements. While joining the Privacy Shield Framework is voluntary, once an eligible organization makes the public commitment to comply with the Framework’s requirements, the commitment will become enforceable under U.S. law. All organizations interested in self-certifying to the EU-U.S. Privacy Shield Framework or Swiss-U.S. Privacy Shield Framework should review the requirements in their entirety. The full details of the program can be found on the Department of Commerce’s website at https://www.privacyshield.gov.
In order to ensure compliance with the Privacy Shield programs, there must be readily available independent recourse mechanisms, so that each individual's complaints and disputes (e.g., complaints and disputes of residents of the EU and Switzerland) can be investigated and expeditiously resolved at no cost to the individual.
To meet this requirement, a company can choose an ADR provider such as the International Centre for Dispute Resolution, the international division of the American Arbitration Association (ICDR-AAASM) to resolve its disputes.
For additional program information on how to designate the ICDR-AAA as your independent recourse mechanism and on the EU-U.S. and Swiss-U.S. Privacy Shield program please review the program information document.
Organizations: if you are looking for the Annex I Arbitral Fund contributions page, click HERE.
ICDR Dispute Resolution Procedures (click on the appropriate language)
Program Information for the
Administrative Procedures for the
Privacy Shield Programs
EU-U.S. and Swiss-U.S. Privacy Shield Programs List of Companies
ICDR-AAA EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield IRM Program Report 2018-2019
ICDR-AAA arbitrators and mediators are drawn from a pool of professionals with privacy expertise and language capabilities from many different countries.
Disputes will be determined pursuant to the ICDR International Arbitration Rules, based on documents only and as modified by the Privacy Shield procedures and fee schedule for this program.
In-person hearings will not be provided for these cases unless they are requested and agreed to by the parties.
Arbitrations will be conducted on an expedited basis.