CFBAI_ProgramBackgrounds_4-28-2020

BBB EU Privacy Shield

Following the Privacy Shield Principles enables U.S. businesses to demonstrate compliance with data protection standards when processing the personal information of consumers from the European Union, the United Kingdom, and Switzerland. BBB EU Privacy Shield is the chosen independent recourse mechanism of over 1,000 businesses that wish to bring accountability to their public commitments. The program provides trusted dispute resolution services and helps organizations of all sizes meet Privacy Shield compliance obligations.

Program Impact

For 20 years, under the Safe Harbor and Privacy Shield Frameworks, our non-profit program has delivered independent third-party dispute resolution services to U.S. businesses of all sizes. We also offer a package of compliance and administrative services.  

Dispute Resolution

Conciliation and arbitration options offer flexibility and enhance customer service.

Monitoring & Reminders

Monitoring privacy notices and certifications with timely reminders to keep your team focused on privacy compliance.

Compliance Support

Hands-on assistance with developing Privacy Shield notices and navigating the self-certification process.

Resources & Guidance

Compliance tips and curated resources empower businesses to implement best practices.

Principles & Procedures


When a U.S. business joins Privacy Shield, it makes a public commitment that its processing of EU, UK, and Swiss personal data will meet the data protection standards embodied in the Privacy Shield Principles.

 

A business that chooses BBB EU Privacy Shield as its IRM agrees to follow our Procedure Rules when responding to privacy complaints, and to keep the same promise to the individuals who make use of our dispute resolution service. 

What Sets BBB EU Privacy Shield Apart?

Dispute Resolution

Our unique conciliation-first model delivers speedy and seamless dispute resolution services, following transparent procedures trusted by consumers and businesses alike. This meets the requirement for Privacy Shield businesses to select a recognized Independent Recourse Mechanism (IRM) to facilitate complaints brought by EU, UK, and Swiss individuals under Privacy Shield. Learn more about our complaint handling process.

Compliance & Monitoring

As your IRM, BBB EU Privacy Shield provides hands-on compliance assistance during self-certification and annual re-certification. We help your business align its privacy notices with the substantive requirements of Privacy Shield and support your team in meeting ongoing administrative requirements, through included monitoring and timely reminders. Learn more about our privacy policy guidance.

Service & Engagement

Through up-to-date guidance about the evolving data privacy landscape, BBB EU Privacy Shield enables its participants to focus on what matters. Our team also provides one-on-one support for participating businesses of all sizes. We are always at the ready to assist you, whether advising on best practices for consumer complaints or navigating a merger of two Privacy Shield certifications. Learn more about our application process.
 

 

 

Joining BBB EU Privacy Shield


STEP 1: Confirm your organization is eligible for Privacy Shield

 

STEP 2: Apply with BBB EU Privacy Shield 


STEP 3: Update draft privacy policy to include Privacy Shield disclosures 

 

STEP 4: Submit all materials and wait for our approval

 

STEP 5: Self-Certify with the U.S. Department of Commerce, International Trade Administration 

 

 

 

News & Blog

Blog

Schrems II: What Do Privacy Shield Businesses Need to Know?

The July 16 decision from the CJEU, known as Schrems II, addressed two mechanisms for transferring EU individuals’ personal data outside the EU. As the situation continues to develop, and before making changes to their practices around international data transfers, businesses should pause to review their data flows, contracts, and substantive commitments, and their current chain of compliance and accountability for data received from the EU.
Read more
Blog

Contact Tracing and Tech: An International Comparison

To confront coronavirus, governments across the globe have devised approaches for tracing its spread and quarantining individuals known to be carriers, also known as “contact tracing.” While almost all strategies rely on traditional means of contacting and recording the movements of infected individuals, many employ modern communications technologies: sensors, Bluetooth, GPS, thermal recognition, facial-recognition, and geofencing.
Read more
Blog

A Reminder from the FTC: Making False Statements about Privacy Shield has Consequences

The U.S. Federal Trade Commission has always taken very seriously any company’s statement about certification, membership, or participation in recognized privacy and security programs. For example, the Commission has cracked down on numerous companies over the years for making incorrect statements about their participation in APEC-CBPR and the Safe Harbor Frameworks.
Read more
Blog

CCPA is Here: How to Update Your Privacy Policy

The California Consumer Privacy Act (CCPA) went into effect on January 1, 2020. If your business is covered under CCPA, you may need to update your public privacy policy. In this post, we focus on the main changes that most businesses can expect to make to their privacy policies in order to align them with the requirements of CCPA.*
Read more
 

 

 

Upcoming Privacy Events

CARU Conference: Virtual Series

Safety by Design: Protecting Users of Innovative Mobile Apps: Learn why going beyond the low bar of age-gating is good for business. Get insight into how Snapchat built its review process as well as b ...
Learn more
Aug 18, 2020 Virtual

CARU Conference: Virtual Series

COPPA-ly Ever After: Once upon a time (20 years ago), the Children’s Online Privacy Protection Act (COPPA) was born. Gain insight from an original author of COPPA as well as Ms. Cohen who will be invo ...
Learn more
Sep 22, 2020 Virtual
 

 

 

Resources & Guidance

In concert with our other privacy initiatives, we provide up-to-the-minute guidance on common privacy compliance obligations as well as curated resources to empower businesses to quickly embrace best practices. 

Frequently Asked Questions

 

Read more FAQs 

 

 

 

 

Contact Us

Contact BBB EU Privacy Shield


*Required fields