Advisory: On October 6, 2015, the E

Advisory: On October 6, 2015, the European Court of Justice issued a judgment declaring as “invalid” the European Commission’s Decision 2000/520/EC of 26 July 2000 “on the adequacy of the protection provided by the safe harbour privacy principles and related frequently asked questions issued by the US Department of Commerce.”

In the current rapidly changing environment, the Department of Commerce will continue to administer the Safe Harbor program, including processing submissions for self-certification to the Safe Harbor Framework. If you have questions, please contact the European Commission, the appropriate European national data protection authority, or legal counsel.

Please click here for a statement by Secretary Pritzker on the EU-U.S. Privacy Shield and here for a factsheet.
The organizations on this list have notified the Department of Commerce that they adhere to the U.S.-EU Safe Harbor Framework developed by the Department of Commerce in coordination with the European Commission. The U.S.-EU Safe Harbor Framework provides guidance for U.S. organizations on how to provide adequate protection for personal data from the EU as required by the European Union's Directive on Data Protection.
An organization's self-certification of compliance with the U.S.-EU Safe Harbor Framework and the appearance of the organization on this list pursuant to the self-certification, constitute an enforceable representation to the Department of Commerce and the public that it adheres to a privacy policy that complies with the U.S.-EU Safe Harbor Framework.
There are benefits to organizations that participate in the U.S.-EU Safe Harbor program, but participation in the U.S.-EU Safe Harbor Framework and self-certification to the list are voluntary. Once an entity elects to participate in the program, it is legally required to comply with the Safe Harbor Privacy Principles. An organization's absence from the list does not mean that it does not provide effective protection for personal data or that it does not qualify for the benefits of the U.S.-EU Safe Harbor program. In order to keep this list current, a notification will be effective for a period of twelve months; therefore, organizations must notify the Department of Commerce every twelve months to reaffirm their continued adherence to the U.S.-EU Safe Harbor Framework.