Name JAMS as Your Dispute Resolution Provider
If you wish to name JAMS as your Dispute Resolution provider under the EU-U.S. Privacy Shield program or the Swiss-U.S. Privacy Shield program, please register using the link below.
If (1) your personal data was collected in a European Union (EU) / European Economic Area (EEA) member country and / or Switzerland, and (2) you believe you have a claim concerning the collection, use, and retention of your personal data by an organization in the United States that has chosen JAMS to be its Alternative Dispute Resolution (ADR) provider for disputes under the EU-U.S. Privacy Shield Framework and / or the Swiss-U.S. Privacy Shield Program, Swiss Safe Harbor Framework and / or the U.S.-EU Safe Harbor Framework as set forth by the U.S. Department of Commerce, whichever applies, then you may contact JAMS to begin the process of opening a Data Privacy case. Your case must address an alleged breach of one or more of the Privacy Shield Principles or Safe Harbor Privacy Principles.
EU-U.S. Privacy Shield Principles
The Privacy Shield Principles include seven Privacy Principles, agreed to by the U.S. Department of Commerce and the European Commission, regarding the processing of personal data of EU citizens and residents under the EU-U.S. Privacy Shield Framework. These principles are contained in the document titled “ANNEXES to the Commission Implementing Decision pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequacy of the protection provided by the EU-U.S. Privacy Shield."
Seven Promises to Protect Individual Privacy
If your organization processes any personal data received from European Union and EEA countries, participating organizations in the United States must first self-certify that they comply with the seven Privacy Shield Principles:
These seven principles, as well as the Supplemental Principles are detailed by the U.S. Department of Commerce.
Organizations may subscribe to “readily available and affordable independent recourse mechanisms”— conciliation and / or arbitration services offered at no cost to the individual —to resolve complaints from EU individuals that the parties were unable to resolve on their own. Privacy Shield organizations and their independent dispute resolution body must respond promptly to inquiries and requests by the Department of Commerce, which is obligated to pass along complaints referred by EU DPAs. EU residents have the option of filing complaints directly with their local DPA, which will work with the Department of Commerce and the Federal Trade Commission (FTC) to investigate and resolve complaints. As a last resort, for complaints left unresolved by all other available mechanisms, individuals may invoke binding arbitration before a newly constituted Privacy Shield Panel, consisting of a pool of 20 arbitrators designated by the Department of Commerce and the European Commission, from which the parties will be able to select either one or three arbitrators.
Consequences for Non-Compliance
In addition to enforcement by the FTC or Department of Transportation for its own privacy violations, an organization also remains liable for its agents’ or service providers’ failure to comply with the Principles unless the organization can show it was not responsible for the event giving rise to the violation.
Organizations must verify their compliance with Privacy Shield, either through a documented internal self-assessment process or by engaging a third party verifier. Organizations must keep records of the implementation of their Privacy Shield privacy practices and make them available to enforcement agencies in the course of an investigation.
So long as an organization retains Privacy Shield data, it must affirm its compliance to the Department of Commerce on an annual basis, even if it withdraws from the framework. Alternatively, the organization must either return or delete the information, or affirm that it will provide adequate protection for the Privacy Shield data by another authorized means such as the EU standard contractual clauses.
As with all EU-U.S. or Swiss-U.S. Privacy Shield and / or the Safe Harbor cases, the Claimant does not have to pay to bring an ADR case. All ADR costs will be paid by the Respondent organization. Standard JAMS rates apply to all EU-U.S. Privacy Shield and / or the Safe Harbor cases. Rates vary by location and neutral agreed upon by the Claimant and the Respondent. (Please note this fee arrangement is unique to EU-U.S. Privacy Shield and Safe Harbor cases.)
Submit a Claim
If your complaint meets all of the requirements and you are ready to open a request to submit a claim please use the link below.
Loading... Please wait