The EU-U.S. Privacy Shield Framework was designed by the U.S. Department of Commerce (DOC) and the European Commission to provide organisations on both sides of the Atlantic with a mechanism to comply with EU data protection requirements when transferring personal data from the European Union (EU) to the United States in support of transatlantic trade.
On July 12, 2016 the European Commission announced the approval of the EU-U.S. Privacy Shield Framework, which will replace the U.S.-EU Safe Harbor Framework as a valid mechanism to comply with EU data protection requirements when transferring personal data from the EU to the United States.
The U.S.-Swiss Safe Harbor Framework was designed by the DOC and the Swiss government to provide organisations in Switzerland and the United States with a mechanism to comply with Swiss data protection requirements when transferring personal data from Switzerland to the United States.
The Privacy Shield and Safe Harbor programmes, which are administered by the International Trade Administration (ITA) within the U.S. Department of Commerce, enable U.S.-based organisations to join said programmes in order to benefit from the recognition of the validity of these transfer mechanisms on the basis that these ensure an adequate level of protection for the personal data transferred to participating U.S.-based organisations.
To join the Privacy Shield and Safe Harbor programmes administered by the DOC, a U.S.-based organisation will be required to self-certify to the DOC and publicly commit to comply with the respective Frameworks’ requirements. While joining either of these DOC-administered programmes is voluntary, once an eligible organisation makes the public commitment to comply with the respective Frameworks’ requirements, the commitment will become enforceable under U.S. law.
All organisations interested in joining one or both of these DOC-administered programmes should review the requirements in their entirety. The DOC’s Privacy Shield and Safe Harbor websites provide useful information regarding the benefits and requirements of participation in these programmes.
U.S.-based organisations that self-certify their compliance under the Privacy Shield and Safe Harbor Frameworks must, amongst other things, provide readily available recourse mechanisms available to investigate unresolved complaints, including a system of alternative dispute resolution (ADR) by an independent third party. The independent recourse mechanisms must be in place prior to self-certification, and must be available at no cost to the individual.
Although organisations self-certifying under either Privacy Shield or Safe Harbor may utilise private sector developed dispute resolution programmes for most categories of personal data covered under their self-certifications, those organisations covering human resources data (i.e., personal information about employees, past or present, collected in the context of the employment relationship) transferred from the EU must agree to cooperate and comply with the EU data protection authorities (DPAs) with respect to such data.
JAMS is available to serve as your organisation’s designated ADR provider and to assist in resolving disputes under DOC-administered Privacy Shield and Safe Harbor self-certification privacy compliance programmes, up to the point of any final arbitration invoked in accordance with the procedures and conditions set forth in the EU-U.S. Privacy Shield Framework.
JAMS will, for a transitional period, continue to handle Safe Harbor cases under the U.S.-EU Safe Harbor Framework for organisations that have designated JAMS as their ADR provider, as these organisations transition to self-certification under the EU-U.S. Privacy Shield Framework. With a panel of over 300 full-time neutrals around the world, JAMS specialises in resolving disputes of all sizes and levels of complexity and our neutrals have significant experience resolving issues involving privacy.
Mediations will be conducted pursuant to JAMS International Mediation Rules unless the parties have specified a different set of Rules or Procedures.
JAMS DOES NOT charge any fees for an organisation to name it as an ADR provider. If an organisation names JAMS as its ADR provider under the EU-U.S. Privacy Shield Program and / or the U.S.-Swiss Safe Harbor Program and / or the U.S.-EU Safe Harbor Program, we request that you notify JAMS by completing this registration form.
When a consumer initiates a mediation against an organisation (whether under JAMS International Mediation Rules or another set of rules) all fees for the mediation, including JAMS Case Management Fee, must be borne by the Organization. The fee arrangement is common to all Privacy Shield and Safe Harbor cases. For any other matters, standard JAMS policies apply.Download the JAMS EU-U.S. Privacy Shield and Safe Harbor Fee Schedule
Name JAMS as Your Dispute Resolution Provider
If you wish to name JAMS as your Dispute Resolution provider under the EU-U.S. Privacy Shield program or the Safe Harbor program, please register using the link below.
The URL you will need to provide to your customers to open an EU-U.S. Privacy Shield or Safe Harbor case is: https://www.jamsadr.com/eu-us-privacy-shield
File a Claim
If you are a consumer and wish to open an EU-U.S. Privacy Shield or Safe Harbor case, please file a claim using the link below.