BBB EU Privacy Shield

Since 2016, the Privacy Shield Principles have enabled U.S. businesses to demonstrate compliance with data protection standards when processing the personal information of consumers from the European Union, the United Kingdom, and Switzerland. Now businesses transferring personal data from the EU to the U.S. under Privacy Shield will transition to the EU-U.S. Data Privacy Framework. BBB EU Privacy Shield participants will experience a seamless transition to that new Framework.

For Businesses For Consumers

Join Privacy Shield Submit a Complaint

Transitioning to the Data Privacy Framework

Currently, there are no actions for Privacy Shield participants to take. BBB National Programs is awaiting guidance from the Department of Commerce to finalize our EU-U.S. Data Privacy Framework program. If your business is not yet a participant, or has left the program and is looking to return, please contact us. To get on the mailing list for updates as information is available, subscribe to the Privacy Initiatives newsletter.

Program Impact

For 20 years, under the Safe Harbor and Privacy Shield Frameworks, our non-profit program has delivered independent third-party dispute resolution services to U.S. businesses of all sizes. We also offer a package of compliance and administrative services.

Dispute Resolution

Conciliation and arbitration options offer flexibility and enhance customer service.

Monitoring & Reminders

Monitoring privacy notices and certifications with timely reminders to keep your team focused on privacy compliance.

Compliance Support

Hands-on assistance with developing Privacy Shield notices and navigating the self-certification process.

Resources & Guidance

Compliance tips and curated resources empower businesses to implement best practices.

Principles & Procedures

When a U.S. business joins Privacy Shield, it makes a public commitment that its processing of EU, UK, and Swiss personal data will meet the data protection standards embodied in the Privacy Shield Principles.

A business that chooses BBB EU Privacy Shield as its IRM agrees to follow our Procedure Rules when responding to privacy complaints, and to keep the same promise to the individuals who make use of our dispute resolution service.

Privacy Shield Principles

Read the Principles

Procedure Rules

Read the Rules

What Sets BBB EU Privacy Shield Apart?

Dispute Resolution

Our unique conciliation-first model delivers speedy and seamless dispute resolution services, following transparent procedures trusted by consumers and businesses alike. This meets the requirement for Privacy Shield businesses to select a recognized Independent Recourse Mechanism (IRM) to facilitate complaints brought by EU, UK, and Swiss individuals under Privacy Shield. Learn more about our complaint handling process.

Compliance & Monitoring

As your IRM, BBB EU Privacy Shield provides hands-on compliance assistance during self-certification and annual re-certification. We help your business align its privacy notices with the substantive requirements of Privacy Shield and support your team in meeting ongoing administrative requirements, through included monitoring and timely reminders. Learn more about our privacy policy guidance.

Service & Engagement

Through up-to-date guidance about the evolving data privacy landscape, BBB EU Privacy Shield enables its participants to focus on what matters. Our team also provides one-on-one support for participating businesses of all sizes. We are always at the ready to assist you, whether advising on best practices for consumer complaints or navigating a merger of two Privacy Shield certifications. Learn more about our application process.

Joining BBB EU Privacy Shield

STEP 1: Confirm your organization is eligible for Privacy Shield

STEP 2: Apply with BBB EU Privacy Shield

STEP 3: Update draft privacy policy to include Privacy Shield disclosures

STEP 4: Submit all materials and wait for our approval

STEP 5: Self-Certify with the U.S. Department of Commerce, International Trade Administration

How to Join

Get Started

News & Blog

Press Release

BBB National Programs’ Statement on Executive Order to Implement the European Union-U.S. Data Privacy Framework

McLean, VA – October 07, 2022 – Dona Fraser, BBB National Programs’ Senior Vice President, Privacy Initiatives, issued the following statement today on the Biden Administration’s Executive Order to implement U.S. commitments under the European Union-U.S. Data Privacy Framework.

Read the Statement

Blog

New WA Consumer Health Law Drives Call to Action: Adopt Robust Standards in the Health B2C Marketplace

The breadth of the Washington state My Health My Data Act brings digital consumer health protections into focus -- from every angle possible -- and will create important overlaps among existing consumer privacy laws, health and biometrics privacy laws, and this new standard for consumer health data in Washington.

Blog

Federal Privacy Legislation Should Create a Gateway for Industry Self-Regulation

Where ADPPA falls short and why self-regulation is fundamental to the broader data privacy ecosystem, not as a replacement but a good adjunct to support the FTC and other agencies that are subject to limited scope, resources, and capacity to regulate the privacy environment.

Blog

Key Takeaways: TikTok Testifies at House Energy & Commerce Committee Hearing

The U.S. House Energy & Commerce Committee's TikTok data privacy hearing emphasized the need for a comprehensive data privacy law. The hearing included the vast array of topics that are all being considered by Congress regarding federal data privacy, tech accountability and content moderation, and national security. Check out our takeaways of the most pressing, interconnected issues discussed.

In concert with our other privacy initiatives, we provide up-to-the-minute guidance on common privacy compliance obligations as well as curated resources to empower businesses to quickly embrace best practices.