ICAEW.com works better with JavaScript enabled.

Privacy Shield

Update to the EU-US Privacy Shield framework, which was adopted in July 2016.

This article is not intended to constitute legal advice. Specific legal advice should be sought before taking or refraining from taking any action in relation to the matters mentioned in this article.

On 12 July 2016 the European Commission announced that the EU-US Privacy Shield (formerly Safe Harbour) framework had been adopted.

However it is likely that this new framework will shortly be legally challenged by those that feel it does not go far enough to protect EU citizens rights. As soon as more information is available this website will be updated.

This framework replaces Safe Harbour, which was deemed invalid in the autumn of 2015. The new framework attempts to provide strong consumer protection rights in light of concerns over privacy violations.

This new framework will ensure that the personal data from EU citizens is protected when processed by US companies.

The framework is based on a number of principles

  • Obligations on US companies to provide privacy protection in-line with EU data protection act legislation.
  • Companies that commit to the regulation face exclusion if they fail to comply with the regulation.
  • Safeguards and transparency obligations on U.S. government when accessing EU data.
  • Effective protection of individual rights, including dispute resolution.
  • Annual joint review of the functioning of the framework.

If you operate in a multinational or work a US based organisation you should consider joining the Privacy Shield framework. US companies will be able to self-certify against the framework from 1 August 2016.

General Data Protection Regulations


Last updated 13 July 2016.