Requirements of ParticipationRequirements of Participation

The Privacy Shield Principles comprise a set of seven commonly recognized privacy principles combined with 16 equally binding supplemental principles, which explain and augment the first seven. Collectively, these 23 Privacy Shield Principles lay out a set of requirements governing participating organizations’ use and treatment of personal data received from the EU under the Framework as well as the access and recourse mechanisms that participants must provide to individuals in the EU. Once an organization publicly commits to comply with the Privacy Shield Principles, that commitment is enforceable under U.S. law.

Privacy Shield Principles

I. Overview

II. Principles

1. Notice
2. Choice
3. Accountability for Onward Transfer
4. Security
5. Data Integrity and Purpose Limitation
6. Access
7. Recourse, Enforcement and Liability

III. Supplemental Principles

1. Sensitive Data
2. Journalistic Exceptions
3. Secondary Liability
4. Performing Due Diligence and Conducting Audits
5. The Role of the Data Protection Authorities
6. Self-Certification
7. Verification
8. Access
9. Human Resources Data
10. Obligatory Contracts for Onward Transfers
11. Dispute Resolution and Enforcement
12. Choice - Timing of Opt Out
13. Travel Information
14. Pharmaceutical and Medical Products
15. Public Record and Publicly Available Information
16. Access Requests by Public Authorities

Annex I

Introduction
A. Scope
B. Available Remedies
C. Pre-Arbitration Requirements
D. Binding Nature of Decisions
E. Review and Enforcement
F. The Arbitration Panel
G. Arbitration Procedures
H. Costs