Withdrawal from Privacy ShieldWithdrawal from Privacy Shield
If your organization wishes to withdraw from the Privacy Shield, please contact the Privacy Shield Team at the Department of Commerce. The Privacy Shield Team will send your organization a questionnaire to verify whether it will return, delete, or continue to apply the Privacy Shield Principles to the personal information that it received while participating in the Privacy Shield, and if personal information will be retained who within your organization will serve as an ongoing point of contact for Privacy Shield-related questions.
Upon confirming your organization's withdrawal, the Privacy Shield Team will remove your organization from the Privacy Shield List and add your organization to the authoritative record of U.S. organizations that had previously self-certified to the Department, but have been removed from the Privacy Shield List with an indication that your organization had requested to withdraw. This record will be accessible from the Privacy Shield website.
Upon your organization’s removal from the Privacy Shield List, your organization may no longer benefit from the European Commission’s or Swiss Government's adequacy decision to receive personal information from the EU or Switzerland. Your organization must continue to apply the Privacy Shield Principles to the personal information it received while it participated in the Privacy Shield, and affirm to the Department on an annual basis its commitment to do so, for as long as it retains such information; otherwise, your organization must return or delete the information or provide "adequate" protection for the information by another authorized means.
If your organization elects at the time of its withdrawal to retain the personal data and affirm to the Department on an annual basis that it continues to apply the Privacy Shield Principles to the personal information, the Privacy Shield Team will send your organization a questionnaire once a year following its withdrawal. The Privacy Shield Team will send your organization that questionnaire to verify what was done with respect to the personal data received in reliance upon Privacy Shield that your organization had indicated at the time of its withdrawal would be retained and what it will do with respect to any such data retained by your organization, as well as who within your organization will serve as an ongoing point of contact for Privacy Shield-related questions. Your organization will also be required to pay a $200 fee to ITA once a year following its withdrawal.