The EU-U.S. Privacy Shield Framework was designed by the U.S. Department of Commerce (DOC) and the European Commission to provide organizations on both sides of the Atlantic with a mechanism to comply with EU data protection requirements when transferring personal data from the European Union (EU) to the United States in support of transatlantic trade. On July 12, 2016 the European Commission announced the approval of the EU-U.S. Privacy Shield Framework, which will replace the U.S.-EU Safe Harbor Framework as a valid mechanism to comply with EU data protection requirements when transferring personal data from the EU to the United States. The U.S.-Swiss Safe Harbor Framework was designed by the DOC and the Swiss government to provide organizations in Switzerland and the United States with a mechanism to comply with Swiss data protection requirements when transferring personal data from Switzerland to the United States.
The Privacy Shield and Safe Harbor programs, which are administered by the International Trade Administration (ITA) within the U.S. Department of Commerce, enable U.S.-based organizations to join said programs in order to benefit from the recognition of the validity of these transfer mechanisms on the basis that these ensure an adequate level of protection for the personal data transferred to participating U.S.-based organizations. To join the Privacy Shield and Safe Harbor programs administered by the DOC, a U.S.-based organization will be required to self-certify to the DOC and publicly commit to comply with the respective Frameworks’ requirements. While joining either of these DOC-administered programs is voluntary, once an eligible organization makes the public commitment to comply with the respective Frameworks’ requirements, the commitment will become enforceable under U.S. law. All organizations interested in joining one or both of these DOC-administered programs should review the requirements in their entirety. The DOC’s Privacy Shield and Safe Harbor websites provide useful information regarding the benefits and requirements of participation in these programs.
U.S.-based organizations that self-certify their compliance under the Privacy Shield and Safe Harbor Frameworks must, amongst other things, provide readily available recourse mechanisms available to investigate unresolved complaints, including a system of alternative dispute resolution (ADR) by an independent third party. The independent recourse mechanisms must be in place prior to self-certification, and must be available at no cost to the individual. Although organizations self-certifying under either Privacy Shield or Safe Harbor may utilize private sector developed dispute resolution programs for most categories of personal data covered under their self-certifications, those organizations covering human resources data (i.e., personal information about employees, past or present, collected in the context of the employment relationship) transferred from the EU must agree to cooperate and comply with the EU data protection authorities (DPAs) with respect to such data.
JAMS is available to serve as your organization’s designated ADR provider and to assist in resolving disputes under DOC-administered Privacy Shield and Safe Harbor self-certification privacy compliance programs, up to the point of any final arbitration invoked in accordance with the procedures and conditions set forth in the EU-U.S. Privacy Shield Framework. JAMS will, for a transitional period, continue to handle Safe Harbor cases under the U.S.-EU Safe Harbor Framework for organizations that have designated JAMS as their ADR provider, as these organizations transition to self-certification under the EU-U.S. Privacy Shield Framework. With a panel of over 300 full-time neutrals around the world, JAMS specializes in resolving disputes of all sizes and levels of complexity and our neutrals have significant experience resolving issues involving privacy.
Mediation Rules
Mediations will be conducted pursuant to JAMS International Mediation Rules unless the parties have specified a different set of Rules or Procedures.
Fees
JAMS DOES NOT charge any fees for an organization to name it as an ADR provider. If an organization names JAMS as its ADR provider under the EU-U.S. Privacy Shield Program and / or the U.S.-Swiss Safe Harbor Program and / or the U.S.-EU Safe Harbor Program, we request that you notify JAMS by completing this registration form.
When a consumer initiates a mediation against an organization (whether under JAMS International Mediation Rules or another set of rules) all fees for the mediation, including JAMS Case Management Fee, must be borne by the Organization. The fee arrangement is common to all Privacy Shield and Safe Harbor cases. For any other matters, standard JAMS policies apply.
Name JAMS as Your Dispute Resolution Provider
If you wish to name JAMS as your Dispute Resolution provider under the EU-U.S. Privacy Shield program or the Safe Harbor program, please register using the link below.
Customer URL
The URL you will need to provide to your customers to open an EU-U.S. Privacy Shield or Safe Harbor case is: https://www.jamsadr.com/eu-us-privacy-shield
File a Claim
If you are a consumer and wish to open an EU-U.S. Privacy Shield or Safe Harbor case, please file a claim using the link below.
Additional Resources