Data privacy · Europe

Total costs for US Privacy Shield

Jeff O'Neill Patent attorney and solopreneur

Last updated on June 28th, 2017

Does anyone know the total annual costs for a small company (less than $5 million annual revenue) to self-certify to Privacy Shield?

The website says that the cost is $250 or $375 depending on whether you join one or both of the EU and Swiss programs and also states that there are two more costs:

Organizations will have additional direct costs associated with participating in the Privacy Shield. For example, Privacy Shield organizations {1} must provide a readily available independent recourse mechanism to hear individual complaints at no cost to the individual. Providers of such services set their own fees. Furthermore, the Frameworks require that {2} the Department of Commerce facilitate the establishment of a fund, into which Privacy Shield organizations will be required to pay an annual contribution, which will cover arbitral costs as described in Annex I to the Principles.

For {1}, I understand that you can use a US provider or an EU data protection authority. Anyone know the cost for these two options?

For {2}, I have no idea what this is and how much it costs.

Matt Joseph Managing Director of VeraSafe, a privacy and cybersecurity consulting firm

Last updated on May 8th, 2019

Assuming that your company is a small business (with gross annual revenue up to $5 million) the current fees are as follows:

  • Annual fee paid to the U.S. Department of Commerce is $250 or $375, depending on the scope of your certification (i.e., if your company is joining one or both of the EU-U.S. and Swiss-U.S. versions of the program, respectively),
  • One-time contribution to the Privacy Shield Arbitral Fund of $250 (the fund is administered by the American Arbitration Association’s International Centre for Dispute Resolution (ICDR-AAA)), and
  • Annual enrollment fee in one of the Privacy Shield dispute resolution programs (known as Independent Recourse Mechanism). Each Privacy Shield participant has to appoint an IRM services provider to mediate privacy disputes that might arise from your company’s participation in the Privacy Shield. Those services are available from a small number of recognized service providers. My organization, VeraSafe, is one such service provider. The enrollment fee in VeraSafe's Privacy Shield dispute resolution program is $750/year.

Note that these fees are subject to change.