On July 16, 2020 the United States Department of Commerce International Trade Administration has announced the following important development regarding the EU-U.S. Privacy Shield Framework:
“On July 16, 2020, the Court of Justice of the European Union issued a judgment declaring as “invalid” the European Commission’s Decision (EU) 2016/1250 of 12 July 2016 on the adequacy of the protection provided by the EU-U.S. Privacy Shield. As a result of that decision, the EU-U.S. Privacy Shield Framework is no longer a valid mechanism to comply with EU data protection requirements when transferring personal data from the European Union to the United States. This decision does not relieve participants in the EU-U.S. Privacy Shield of their obligations under the EU-U.S. Privacy Shield Framework.
The U.S. Department of Commerce will continue to administer the Privacy Shield program, including processing submissions for self-certification and re-certification to the Privacy Shield Frameworks and maintaining the Privacy Shield List. If you have questions, please contact the European Commission, the appropriate European national data protection authority or legal counsel.”
This update is available on the Privacy Shield News and Events page at: https://www.privacyshield.gov/NewsEvents
In addition, U.S. Secretary of Commerce Wilbur Ross’ statement regarding this development is available at: https://www.commerce.gov/news/press-releases/2020/07/us-secretary-commerce-wilbur-ross-statement-schrems-ii-ruling-and
In light of this update provided by the U.S. Department of Commerce the AAA-ICDR will continue to administer the Privacy Shield program.
The International Centre for Dispute Resolution (ICDR), the international division of the American Arbitration Association (AAA), has been selected by the U.S. Department of Commerce to manage the Privacy Shield Annex I Arbitration Mechanism and Arbitral Fund. This is the website and information for the Annex I Binding Arbitration Mechanism. The ICDR’s primary functions in this regard are to administer arbitrations that may arise under Annex
The EU-U.S. Privacy Shield Framework was designed by the U.S. Department of Commerce and the European Commission to provide companies on both sides of the Atlantic with a mechanism to comply with data protection requirements when transferring personal data from the European Union to the United States in support of transatlantic commerce. The full details of the program can be found on the Department of Commerce’s website at https://www.privacyshield.gov/welcome.
The Privacy Shield Framework provides the option for an EU individual to invoke binding arbitration to determine whether a Privacy Shield organization has violated its obligations under the Privacy Shield Principles as to that individual and whether any such violation remains fully or partially unremedied ("residual claims"). Organizations voluntarily self-certify to the Privacy Shield Principles and, upon certification, the commitments become legally enforceable under U.S. law. Organizations that self-certify to the Privacy Shield Framework are required to arbitrate claims pursuant to the Recourse, Enforcement and Liability Principle.
As the Arbitral Administrator and Fund Manager, ICDR-AAA will facilitate the collection and administration of contributions from Privacy Shield participants. The required contributions are based on organizations’ annual revenue, using revenue bands that mirror those used to determine Privacy Shield administration fees collected by the Department of Commerce’s International Trade Administration (ITA).
The fee structure for the arbitral fund is available HERE. ICDR-AAA expects these initial fees to provide sufficient revenue for the fund to operate for several years, based on expected case filings and projected administrative and program management expenses. ICDR-AAA shall periodically review any need to adjust the fee structure, and the Department of Commerce and the European Commission will review the operation of the fund during the annual review of the Privacy Shield.
Organizations self-certifying to the EU-U.S. Privacy Shield for the first time on or after
EU-U.S. Privacy Shield program on October 3,
For EU Individuals: Click for Information on Filing An Annex I Arbitration
Privacy Shield Arbitral Fund Contributions
EU-U.S. Privacy Shield Annex I Binding Arbitration Rules
EU-U.S. Privacy Shield Annex I Code of Conduct
Article: The GDPR and Privacy Shield
Privacy Shield Arbitrators
About the ICDR
The International Centre for Dispute Resolution (ICDR), is the international division of the American Arbitration Association (AAA) and provides Privacy Shield Annex I services pursuant to
The ICDR provides a full range of conflict management services to businesses, government agencies, and other organizations around the world. These services are supported by a network of cooperative agreements with other arbitration institutions and key alliances located around the globe, which enable the ICDR to provide its international arbitration services.