Withdrawal from Privacy ShieldWithdrawal from Privacy Shield
If your organization wishes to withdraw from the Privacy Shield, please contact the Privacy Shield Team at the Department of Commerce. The Privacy Shield Team will send your organization a questionnaire to verify whether it will return, delete, or continue to apply the Privacy Shield Principles to the personal information that it received while participating in the Privacy Shield, and if personal information will be retained who within your organization will serve as an ongoing point of contact for Privacy Shield-related questions.
Upon confirming your organization's withdrawal, the Privacy Shield Team will remove your organization from the Privacy Shield List and add your organization to the authoritative record of U.S. organizations that had previously self-certified to the Department, but have been removed from the Privacy Shield List with an indication that your organization had requested to withdraw. This record will be accessible from the Privacy Shield website.
Upon your organization’s removal from the Privacy Shield List, your organization may no longer benefit from the European Commission’s or Swiss Government's adequacy decision to receive personal information from the EU or Switzerland. Your organization must continue to apply the Privacy Shield Principles to the personal information it received while it participated in the Privacy Shield, and affirm to the Department on an annual basis its commitment to do so, for as long as it retains such information; otherwise, your organization must return or delete the information or provide "adequate" protection for the information by another authorized means. If your organization elects to retain the data and affirm to the Department on an annual basis that it continues to apply the Privacy Shield Principles to the personal information, your organization will be sent a questionnaire once a year.