Compliance Activities & Casework Conducted by BBB EU Privacy Shield from August 1, 2021 through July 31, 2022
Bryant C. Fry, FIP, CIPP/US, CIPM
Director, Privacy Operations
BBB National Programs
BBB EU Privacy Shield
Procedure Report 2021-2022
Executive Summary
The period covered by
this report, August 1, 2021
through July 31, 2022,
constituted the fifth year
of BBB EU Privacy Shield
(BBB EUPS) operations.
The program was launched
in 2016 as an Independent
Recourse Mechanism
supporting the Privacy
Shield Frameworks. This
program provides both
independent dispute
resolution and compliance
assistance to participating
Key program activities during this review period included:
Continuing to assist participants and new applicants in aligning their privacy policies and self-certifications with the requirements of Privacy Shield
Educating participants on the July 16, 2020 decision from the Court of Justice of the European Union (CJEU), known as Schrems II
Handling eligible complaints received by the program under Privacy Shield
Year in Review
Despite ongoing uncertainty about EU-U.S. data transfers, more than 750 U.S. businesses
have continued their commitment to uphold the standards of the Privacy Shield Framework
by self-certifying during the review period and maintaining their enrollment in the
independent dispute resolution services provided by BBB EUPS.
BBB National Programs publishes periodic participant newsletters and online Privacy Shield
compliance guidance for program applicants and participating businesses. Our experts also
speak and write routinely on privacy topics, including Privacy Shield and the APEC Cross-
Border Privacy Rules system. BBB National Programs also produces podcasts for those in
the business audience who prefer to receive compliance guidance in audio form.
Though BBB EUPS does not provide individualized compliance assistance beyond our
Privacy Shield services, the program is making ongoing efforts to provide our applicants
and participants with accurate information about the changes in EU privacy law brought
about by GDPR. We post updated guidance at bbbprograms.org/Data-Privacy along with
links to external resources, and we continue to discuss GDPR and other privacy topics in
ongoing blog posts and in our periodical newsletter for participants.
Compliance Activities
BBB EUPS continues to provide all program applicants with privacy policy guidance and
assists as needed with self-certification and recertification. The program also monitors
participants’ online privacy policies and Privacy Shield self-certifications on an ongoing
basis for changes that may affect compliance and provides automatic reminders to
businesses before their self-certifications are due for renewal.
Complaint Handling
During this period of review, the program received 480 submissions from individual
consumers worldwide, including 166 from the EU, the U.K., and Switzerland, through
the BBB EUPS online complaint form. Following a review of each complaint by program
sta, 479 complaints were determined to be ineligible for resolution by the program for
one or more of the following reasons:
They concerned businesses not enrolled in BBB EUPS
They did not involve data collection in the EU, U.K., or Switzerland
They were unrelated to privacy (i.e., product or service complaints)
They failed to state a complaint
The single remaining complaint was dropped by the complainant before eligibility could be
[Infographic labels, values not preserved: self-certified participants as of July 31, 2022; complaints received from individuals in the EU, U.K., and Switzerland; complaints received from individuals worldwide; eligible complaint]
About the Privacy Shield Frameworks
On July 12, 2016, the U.S. Department of Commerce
and the European Commission announced the
launch of the EU-U.S. Privacy Shield Framework for
transatlantic data flows to replace the U.S.-EU Safe
Harbor, which had been invalidated by a decision of
the European Court of Justice in October 2015. While
retaining many elements of Safe Harbor, Privacy Shield
includes enhanced consumer privacy protections for
EU individuals, promotes greater transparency around
data collection, use, and sharing, and helps U.S. businesses demonstrate that their privacy
practices meet EU data protection requirements.
On January 12, 2017, the Swiss Government approved the Swiss-U.S. Privacy Shield
Framework as a valid legal mechanism for U.S. organizations to comply with Swiss data
protection requirements when transferring personal data from Switzerland to the United
States. The U.S. Department of Commerce began accepting self-certifications for this
Framework on April 12, 2017.
Organizations participating in either Privacy Shield Framework must submit a self-
certification application to the Department of Commerce, stating their adherence to
the Privacy Shield Principles for personal data they receive from the EU or Switzerland.
Participating businesses are required to maintain a current self-certification on the official
EU-U.S. or Swiss-U.S. Privacy Shield Lists maintained by the U.S. Department of Commerce.
Each participating business must also contribute to the Arbitral Fund, which supports
the operation of the Annex I arbitration mechanism for residual complaints that remain
unresolved by multiple redress mechanisms.
Participants must also verify on an annual basis that their public attestations regarding
their Privacy Shield privacy practices are accurate, through self-assessment or outside
compliance reviews, and must designate an independent dispute resolution option—also
called an Independent Recourse Mechanism or IRM—to handle privacy complaints from EU
and Swiss individuals whose personal data they process.
This co-regulatory program ensures that participating U.S. businesses embrace accountable data protection practices and that EU, U.K., & Swiss consumers receive expeditious and fair recourse for their privacy concerns.
BBB EU Privacy Shield (BBB EUPS) was established in 2016 as a successor program to the
BBB EU Safe Harbor Program that had operated as an Independent Recourse Mechanism since
2000. The program provides compliance assistance for U.S. businesses preparing for self-
certification under the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks, as well as ongoing
review of the Privacy Shield statements and certifications of the program’s participating
businesses and up-to-date guidance on privacy compliance. At its core, BBB EUPS operates
an independent third-party dispute resolution mechanism enabling individuals in the European
Union, Switzerland, and United Kingdom to resolve Privacy Shield complaints against
participating businesses. The objectives of this co-regulatory program are to ensure that privacy
concerns of individual complainants are addressed expeditiously and fairly and to promote
privacy accountability among participating businesses.
During its sixth full year of operating under the Privacy Shield Frameworks, BBB EUPS provided
its services to more than 900 businesses.
This annual report summarizes the ongoing compliance activities and casework of the BBB
EUPS program spanning August 1, 2021 through July 31, 2022.
BBB EU Privacy Shield Core Requirements
Each U.S. business that applies to join BBB EUPS provides the program with a draft copy of the
consumer-facing Privacy Shield-compliant privacy policy that it will post on its public website
once it is self-certified under Privacy Shield. BBB EUPS staff reviews the privacy policy for basic
compliance with Privacy Shield Notice Principle requirements. Notably, BBB EUPS staff ensures
that the draft privacy policy includes clear instructions for EU and Swiss individuals who wish to
contact the business with Privacy Shield complaints and inquiries, as well as a hyperlink to the
BBB EUPS consumer information webpage and online complaint form.
About BBB EU Privacy Shield
In its sixth full year of operating under the Privacy Shield Frameworks, BBB
National Programs provided services to more than 900 businesses and 450
consumers through its BBB EU Privacy Shield program.
Participation Requirements
Each BBB EUPS participant is required to:
Upload the privacy policy approved by BBB EUPS to the U.S. Department of Commerce
website during the self-certification process and, following approval, to post and
maintain the privacy policy on all business websites to be covered by Privacy Shield;
Notify BBB EUPS of all changes to the approved policy, including any changes required
during the self-certification process, and provide BBB EUPS a copy of the updated and
posted policy;
Apply promptly for self-certification with the U.S. Department of Commerce following
acceptance into the BBB EUPS program, and maintain a current self-certification for the
duration of its participation in BBB EUPS;
Cooperate with BBB EUPS staff to respond to privacy complaints in accordance with the
BBB Procedure Rules;
Accept the Panelist’s final decision in cases sent to a Data Privacy Review before an
independent Data Privacy Panelist; and
Implement any corrective action agreed to as part of a settlement or mandated by a
Panelist’s decision.
Each participant executes a Participation Agreement that is renewable annually following a BBB
EUPS sta review of the business’s online Privacy Shield privacy policy and self-certification
listing to ensure that the business remains in compliance with all program requirements.
Review of Privacy Policies and Practices
BBB EUPS sta examines each applicant’s draft public privacy policy for inclusion of all
elements required by the Privacy Shield Notice Principle and for consistency with the rest of
the Privacy Shield Frameworks. In addition, sta reviews any other relevant published policies
or referenced terms and conditions for consistency.
Applicant businesses can access detailed resources about the Privacy Shield Principles and
the self-certification process at bbbprograms.org/EUPS. We provide additional privacy policy
guidance and tips for our participating businesses during the application process.
This guidance helps each participating business to:
Ensure that the Privacy Shield notice in its privacy policy is clearly written and is readily
accessible on the business’s public website.
Ensure that the Privacy Shield notice clearly identifies the corporate entity or entities
processing EU or Swiss personal data pursuant to Privacy Shield.
If a brand name or d/b/a is used on the business’s public website(s), the business’s
legal name should also appear in the policy, in its self-certification, and in the BBB
EUPS Participation Agreement. This information can facilitate a consumer’s search for
the appropriate business on the ocial U.S. Department of Commerce Privacy Shield
List and in the BBB EUPS complaints system.
Ensure that all covered websites include the approved Privacy Shield notice, including an
active hyperlink to the BBB EUPS consumer pages and complaint system.
& Key Issues
Organizations maintaining enrollment
in BBB EUPS during the period
of review ranged from large
multinational corporations to small
and mid-sized businesses across
multiple industry sectors. Those
seeking self-certification assistance
from BBB EUPS were closely engaged
in adapting their privacy policies to
align with Privacy Shield requirements
and to resolve any conflicts with other
EU, Swiss, or U.K. requirements, as
BBB EUPS continues to work closely
with new program applicants to
help them comply with all current
requirements of the Privacy
Shield self-certification process.
Through our routine review process
following self-certification, we
alert our participating businesses
about upcoming deadlines for re-
certification, request clarification
when inconsistencies are found, and
follow up through all available means
of communication when lapses
occur. We routinely provide updated
guidance about changes to the
certification process to the business
community on our program website
and to our participants and applicants
in newsletters, service messages, and
one-on-one consultations.
The Schrems II Decision
On July 16, 2020, in a decision known as Schrems
II, the Court of Justice of the European Union
invalidated the European Commission’s Implementing
Decision (EU) 2016/1250 on the adequacy of the
protection provided by the EU-U.S. Privacy Shield.
As a result of the Schrems II decision, throughout
the 2021-2022 reporting period the EU-U.S. Privacy
Shield Framework has not been recognized as a valid
mechanism to comply with EU requirements when
transferring personal data from the European Union
to the United States. Similarly, after the September
8, 2020 opinion of the Federal Data Protection and
Information Commissioner of Switzerland (FDPIC),
organizations wishing to rely on the Swiss-U.S. Privacy
Shield to transfer personal data from Switzerland
to the United States should seek guidance from the
FDPIC or legal counsel.
Nevertheless, as the U.S. Department of Commerce
and the U.S. Federal Trade Commission have stated,
the Schrems II decision does not relieve Privacy
Shield participants of their obligations under the
EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield
Frameworks. Accordingly, throughout the review
period, BBB EUPS has continued to deliver its
services as an Independent Recourse Mechanism
to participating businesses that self-certify their
compliance with the Privacy Shield Principles.
As we await future developments related to lawful
data transfers, BBB EUPS continues to assist our
participating businesses with aligning their practices
with data protection requirements in the European
Union, Switzerland, and the United Kingdom. At
the same time, we maintain our robust procedures
for holding participating businesses to the high
standards of the Privacy Shield Principles through
our continuing operation of an independent
dispute resolution mechanism, which, as this report
demonstrates, provides responsive recourse for
European data subjects with privacy complaints.
Dispute Resolution & Enforcement
BBB EUPS’ dispute resolution procedures are
designed with two primary goals in mind. First,
to ensure that the privacy concerns of individual
complainants concerning data collected in the EU,
U.K., or Switzerland are addressed speedily and
impartially. Second, to promote privacy accountability
among U.S. businesses participating in the program.
BBB National Programs provides a secure,
accessible online mechanism for handling privacy
complaints under the Privacy Shield Principles by
individuals against participating U.S. businesses.
The service is provided free of charge to individual
complainants, who can readily access the BBB
EUPS online complaint form through a live hyperlink
each participating business must include in the
privacy policy posted on its public website.
The dedicated link first takes the site visitor to BBB EUPS’ consumer-facing web page
entitled “For EU, U.K., and Swiss Consumers: BBB EUPS Dispute Resolution Process” which
describes the program’s role as an IRM and our complaint process. From this page, the site
visitor clicks a prominent “File a Complaint” button to gain direct access to the BBB EUPS
complaint form. On a second page linked from the main consumer-facing page, entitled
“How to File a Complaint with BBB EU Privacy Shield,” visitors can find a mailing address to
communicate with the program by postal mail.
Complaint Handling Rules and Procedures
As provided in the program’s Procedure Rules, BBB EUPS engages in a multi-step process
through which we determine complaint eligibility and then resolve complaints against
participating businesses through our dispute resolution procedures. Language translation
services are available as needed to facilitate any or all stages of the complaint review and
dispute resolution process.
1. See https://bbbprograms.org/programs/all-programs/bbb-privacy-shield/eu-dispute-resolution. While the program welcomes complaints from
individuals in the U.S. or in other countries who claim that their data was collected in the EU, U.K., or Switzerland and received in the United States by a
Privacy Shield business, we pay particular attention to ensuring access by EU, U.K., and Swiss data subjects.
https://bbbprograms.org/programs/all-programs/bbb-privacy-shield/rules-and-policies.
Primary Dispute Resolution Goals
Ensure that the privacy concerns of individual complainants concerning data collected in the EU, U.K., or Switzerland are addressed speedily and
Promote privacy accountability among U.S. businesses participating in the program.
Initial Eligibility Review
BBB EUPS sta reviews each incoming complaint to determine whether, on its face, the
complaint is eligible for resolution under the program. During this step of the process,
complaints are closed if they (A) do not identify a BBB EUPS participating business or (B) do
not originate from an individual in the EU, U.K., or Switzerland and do not otherwise allege
data collection in the EU, U.K., or Switzerland. When a complaint is closed for one of these
reasons, the complainant is provided with instructions to pursue relevant alternative redress
options. If the complaint concerns an organization self-certified under Privacy Shield, we
provide a link to the organization’s public certification page. If the complaint concerns a U.S.
business not participating in Privacy Shield, we direct the complainant to the appropriate local
BBB. If the complaint concerns an organization in the EU, U.K., or Switzerland, we provide the
complainant with information on contacting the appropriate Data Protection Authorities.
In addition, complaints are closed at this stage if they (C) do not state a complaint of
any kind (e.g., unintelligible submissions) or (D) are entirely unrelated to data protection
concerns (e.g., product or service complaints). When a complaint is closed for one of these
reasons, the complainant is encouraged to contact BBB EUPS with additional information if
they believe their complaint is in fact eligible for resolution.
Verifying Eligibility
When a complaint appears to be potentially eligible for the program, but lacks important
information, BBB EUPS contacts the complainant to confirm that the complaint
meets Privacy Shield eligibility criteria before opening a case. This process may entail
requesting information from the complainant such as the location of the data collection,
the complainant’s identity, the nature of the personal data at issue, or the nature of the
complaint itself. It also may be necessary to confirm that the complainant has made a good
faith eort to contact the relevant participating business about their complaint.
When a complaint is found eligible, BBB EUPS opens a formal case and works with the
complainant and the participating business to develop the facts and to facilitate a mutually
agreeable settlement of the complaint in a process known as conciliation. BBB EUPS and
its predecessor privacy programs have resolved many of the privacy complaints received
through conciliation and settlement by the parties.
Data Privacy Review
If conciliation eorts are unsuccessful, either the complainant or the participating business
may request a Data Privacy Review, which takes the form of a decision by an independent
panelist on EUPS’ Data Privacy Board based on a review of the Case Record, including
position statements submitted by each of the parties regarding the complaint. The panelist
has discretion to seek additional written information from the parties and to convene a
telephone hearing, if necessary, before issuing a final decision.
See Part 4 of the Procedure Rules at https://bbbprograms.org/programs/all-programs/bbb-privacy-shield/rules-and-policies
Participating businesses that fail to comply with BBB EUPS Data Privacy Review
procedures, including failing to take agreed upon action following a conciliated settlement,
or failing to implement mandated corrective action following the final decision of the
independent Data Privacy Board panelist, may be referred to the appropriate federal
government agency—generally the Federal Trade Commission—and the referral will be
reported to the Department of Commerce.
In such a case, BBB EUPS is required to publish in its next Annual Procedure Report the
name of the participating business and the fact of the referral, along with a summary report
of the facts of the case and the Procedure’s action in the matter.
Compliance Verification and Additional Redress Options
BBB EUPS verifies each business’s performance of corrective actions agreed to in a
conciliated settlement or mandated by a Data Privacy Review, as applicable. This is a multi-
step process that may add significant time to the full resolution of the case, depending on
the nature of the corrective actions. Performance is verified through independent means,
when possible, and through a formal certification by the business. Following verification,
BBB EUPS seeks confirmation from the complainant that the matter has been resolved to
their satisfaction. The case is then closed. However, each complainant is also advised that
they are not bound by the outcome of the BBB EUPS dispute resolution procedure, and
that they are free to pursue all additional redress options available under Privacy Shield, up
to and including the binding arbitration procedures provided for in Annex 1.
See Section 8.8 of the Procedure Rules at https://bbbprograms.org/programs/all-programs/bbb-privacy-shield/rules-and-policies.
2021-2022 BBB EU Privacy Shield Casework
The report addresses only complaints submitted directly to the program by mail or through
the dedicated Privacy Shield online complaint form. Complaints are funneled to this form in
most cases through a dedicated link in participating business privacy policies, through the
“File a Complaint” link on our dedicated consumer-facing webpages.
During this review period, BBB EUPS received a total of 480 complaints.
Origin of All Complaints Received 2021-2022
The BBB EUPS dispute resolution service was accessed during the review period by
complainants from a diverse group of countries, including the EU and Switzerland. Of 480
complaint submissions reviewed, 166 were submitted by individuals claiming to be in 25
EU countries plus the United Kingdom and Switzerland, 195 were submitted by individuals
who provided a U.S. address, and 119 were received from individuals who appeared to be in
other countries outside the EU.
The figure below shows the geographic distribution of complaints received.
During the period of review, BBB EUPS received 166 complaints from
individuals in the European Union, United Kingdom, and Switzerland.
Complaints Received by Geographic
195 Individuals in the U.S.
166 Individuals in the EU, U.K., & Switzerland
119 Individuals in Other Countries
Statistics and Analysis of Complaints Received 2021-2022
BBB EUPS received a total of 480 complaint submissions during the 2021-2022 reporting
A total of 166 complaints reviewed during this period originated in the EU, the U.K., and
Switzerland. 142 of these complaints concerned businesses not currently participating in
the BBB EUPS program.
Following an eligibility review of each complaint, which included requesting additional
information from the complainant wherever appropriate, the total complaints received
ultimately resulted in a single case that BBB EUPS processed during the review period.
Ineligible Complaints
Although most complaints received were found ineligible for resolution, BBB EUPS reviewed
each complaint carefully, as described in the section titled “Initial Eligibility Review.” For
complaints closed as ineligible, BBB EUPS sought to direct complainants to an alternative
dispute resolution mechanism, where appropriate.
Breakdown of EU, U.K., and Swiss Complaints Received by Country
Austria 4
Belgium 3
Bulgaria 3
Croatia 1
Cyprus 2
Czech Republic 1
Denmark 0
Estonia 0
Finland 1
France 6
Germany 6
Greece 5
Hungary 3
Iceland 1
Ireland 6
Italy 11
Latvia 2
Liechtenstein 0
Lithuania 0
Luxembourg 2
Malta 0
Netherlands 3
Norway 6
Poland 4
Portugal 6
Romania 2
Slovakia 1
Slovenia 2
Spain 1
Sweden 4
Switzerland 2
United Kingdom 78
The table below represents the 165 complaints received during the reporting period that
were closed after the initial eligibility review. 142 of these were found ineligible because they
did not identify a business participating in the BBB EUPS program. BBB EUPS completed the
initial eligibility review and responded to these complaints within an average of five days.
On average, BBB EUPS closed each ineligible complaint that identified a participating
business within five days.
The remaining single complaint was considered facially eligible for review through the BBB
EUPS procedure.
Breakdown of Ineligible Complaints, 2021-2022
[Table headings only, values not preserved: Reason for Ineligibility; Region/Country of Origin]
Not a Participating Business
Participating Business but non-complaint (e.g., comment, empty, spam)
Complaint, but not a privacy complaint (e.g., service issue)
Privacy complaint, but not subject to Privacy Shield
Eligible Complaints
Complaints that appeared on their face to be eligible for resolution by BBB EUPS
remained open after the initial eligibility review. At this stage, BBB EUPS reached out to
the complainant for additional information needed to open a case, as described in the
“Verifying Eligibility” section of this report. The single complaint potentially eligible for
resolution by BBB EUPS was closed after 45 days when the complainant did not respond to
sta requests for additional information required to proceed with the case.
The Privacy Shield Frameworks have been unique among international data transfer
mechanisms authorized under European data protection law. Not only do the Privacy Shield
Principles require participating U.S. businesses to publicly commit to align their practices
with European standards, but they also provide for free, transparent, and expedited
alternative dispute resolution for individual privacy inquiries and complaints. This mechanism
has enabled EU, U.K., and Swiss data subjects to readily exercise their data protection rights
with respect to the commercial use of their personal data in the United States. Since its
launch on July 12, 2016, BBB EUPS has seen a sustained demand for its dispute resolution
services from EU, U.K., and Swiss individuals seeking to resolve privacy concerns raised by
transatlantic transfers of their personal data. Nothing has diminished the demand from data
subjects for responsive and effective redress related to the commercial processing of their
personal data. In fact, during the current period of review, BBB EUPS saw sustained global
demand for resolution of privacy complaints. This year, the number of complaints originating
in the EU, U.K., and Switzerland exceeded the prior year’s total, just as it has done for every
year of program operation.
While a majority of the European complaints received have been directed against companies
not enrolled in BBB EUPS or not self-certified to Privacy Shield, the ongoing engagement of
EU, U.K., and Swiss individuals with our program suggests a continued desire for expedient
and eective alternative dispute resolution options for commercial privacy concerns that
transcend jurisdictional lines. As data continues to flow globally, multi-layered mechanisms of
accountability like Privacy Shield will continue to be an essential ingredient for ensuring that
businesses of all sizes maintain best practices when engaging with international consumers.
Privacy Shield provides EU, U.K., and Swiss consumers who wish to exercise
data protection rights with U.S. businesses a unique tool: expedient and
eective third-party dispute resolution.
About BBB EU Privacy Shield
BBB EU Privacy Shield, a division of BBB National Programs, is a vital component of the
co-regulatory Privacy Shield Frameworks, enabling U.S. businesses to demonstrate that
their privacy practices are aligned with European data protection standards. As a trusted
Independent Recourse Mechanism, BBB EU Privacy Shield assists consumers with resolving
privacy complaints against participating businesses through a free, accessible, and
transparent dispute resolution process.
About BBB National Programs
BBB National Programs is where businesses turn to enhance consumer trust and consumers
are heard. The non-profit organization creates a fairer playing field for businesses and a
better experience for consumers through the development and delivery of effective third-
party accountability and dispute resolution programs. Embracing its role as an independent
organization since the restructuring of the Council of Better Business Bureaus in June 2019,
BBB National Programs today oversees more than a dozen leading national industry
self-regulation programs, and continues to evolve its work and grow its impact by providing
business guidance and fostering best practices in arenas such as advertising, child-directed
marketing, and privacy. To learn more, visit bbbprograms.org.