The Path Forward for Privacy Shield
The BBB National Programs Privacy Initiatives team is here to help you navigate the road ahead.
In March 2022, the U.S. Department of Commerce announced an agreement in principle on a replacement for Privacy Shield, and in October, The White House published its long-awaited executive order committing to the EU-US Data Privacy Framework. Currently, the European Commission is conducting its adequacy and adoption process.
What does this mean for your business?
At this time there are no changes to the Privacy Shield Framework and no new obligations for participating businesses. The U.S. Department of Commerce continues to administer the Privacy Shield program.
Once the European Commission has completed its processes, the new EU-U.S. Data Privacy Framework will be released allowing Privacy Shield commitments to once again be recognized by the European Union as providing a legal basis for receiving the personal data of EU individuals in the United States.
Participation in Privacy Shield is an important part of a cohesive global privacy compliance strategy, enabling your organization to demonstrate its dedication to consumer privacy.
Whether you are a current, previous, or prospective participant in Privacy Shield,
we are here to help you navigate new developments as they happen.
What do I need to know?
- The EU and U.S. are adjusting their approach to Privacy Shield. The Executive Order released by the U.S. on October 7 committing to the new EU-U.S. Data Privacy Framework kicks off a several-month process for the European Commission to adopt a new adequacy determination that's required for the Data Privacy Framework to officially take effect.
- Timeline. Learn more about the expected post-Executive Order timeline here.
- Your Privacy Shield Status: Once the new framework is available, this page will outline what to expect for active Privacy Shield participants as well as lapsed participants.
A Trusted Partner

The BBB EU Privacy Shield Process
BBB National Programs is home to BBB EU Privacy Shield, the longest-running Independent Recourse Mechanism (IRM) supporting businesses of all sizes for 20+ years.
If you are not yet a participant, when a U.S. business joins Privacy Shield, it makes a public commitment that its processing of EU, U.K, and Swiss personal data will meet the data protection standards embodied in the Privacy Shield Principles.
1
Determine your eligibility.
Confirm your company is eligible for BBB EU Privacy Shield
2
Apply online.
Submit our online application and work with a member of our team to review and refine relevant data privacy policies and practices.
3
Submit your materials & self-certify.
Send us your finalized application materials and self-certify with the U.S. Department of Commerce.
Global Privacy Division
Through BBB National Programs' Global Privacy Division, businesses show their partners and customers that they put privacy first, no matter where they operate. Our programs serve as key elements of frameworks like the Cross-Border Privacy Rules and Privacy Shield, bridging gaps between divergent privacy and data protection regimes. By embracing our independent accountability mechanisms, participating businesses strengthen standards for data privacy and enhance consumer trust in the digital marketplace.