Skip to Content


Proposed Information Collection; Comment Request; Information Collection for Self-Certification to the EU-U.S. Privacy Shield Framework

Document Details

Information about this document as published in the Federal Register.

Document Statistics
Document page views are updated periodically throughout the day and are cumulative counts for this document including its time on Public Inspection. Counts are subject to sampling, reprocessing and revision (up or down) throughout the day.
Published Document

This document has been published in the Federal Register. Use the PDF linked in the document sidebar for the official electronic format.

Start Preamble


International Trade Administration, Department of Commerce.




The Department of Commerce, as part of its continuing effort to reduce paperwork and respondent burden, invites the general public and other Federal agencies to take this opportunity to comment on proposed and/or continuing information collections, as required by the Paperwork Reduction Act of 1995.


Written comments must be submitted on or before January 9, 2017.


Direct all written comments to Jennifer Jessup, Departmental Paperwork Clearance Officer, Department of Commerce, Room 6616, 14th and Constitution Avenue NW., Washington, DC 20230 (or via the Internet at

Start Further Info


Requests for additional information or copies of the information collection instrument and instructions should be directed to David Ritchie, Department of Commerce, International Trade Administration, Room 20001, 1401 Constitution Avenue NW., Washington, DC, (or via the Internet at, and tel. 202-482-1512).

End Further Info End Preamble Start Supplemental Information


I. Abstract

The United States and the European Union (EU) share the goal of enhancing privacy protection for their citizens, but take different approaches to protecting personal data. Given those differences, the Department of Commerce (DOC) developed the EU-U.S. Privacy Shield Framework (Privacy Shield) in consultation with the European Commission, as well as with industry and other stakeholders, to provide organizations in the United States with a reliable mechanism for personal data transfers to the United States from the European Union while ensuring the protection of the data as required by EU law.

On July 12, 2016, the European Commission deemed the Privacy Shield Framework adequate to enable data transfers under EU law, and the DOC began accepting self-certification submissions from organizations on August 1, 2016. More information on the Privacy Shield is available at:​welcome.

The DOC has issued the Privacy Shield Principles under its statutory authority to foster, promote, and develop international commerce (15 U.S.C. 1512). ITA administers and supervises the Privacy Shield, including by maintaining and making publicly available an authoritative list of U.S. organizations that have self-certified to the DOC. U.S. organizations submit information to ITA to self-certify their compliance with Privacy Shield.

U.S. organizations considering self-certifying to the Privacy Shield should review the Privacy Shield Framework. In summary, in order to enter the Privacy Shield, an organization must (a) be subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC), the Department of Transportation, or another statutory body that will effectively ensure compliance with the Principles; (b) publicly declare its commitment to comply with the Principles; (c) publicly disclose its privacy policies in line with the Principles; and (d) fully implement them.

Self-certification to the DOC is voluntary; however, an organization's failure to comply with the Principles after its self-certification is enforceable under Section 5 of the Federal Trade Commission Act prohibiting unfair and deceptive acts in or affecting commerce (15 U.S.C. 45(a)) or other laws or regulations prohibiting such acts.

In order to rely on the Privacy Shield for transfers of personal data from the EU, an organization must self-certify its adherence to the Principles to the DOC, be placed by the ITA on the Privacy Shield List, and remain on the Privacy Shield List. To self-certify for the Privacy Shield, an organization must provide to the DOC a self-certification submission that contains the information specified in the Privacy Shield Principles. The Privacy Shield self-certification form, the proposed information collection, would be the means by which an organization would provide the relevant information to ITA.

II. Method of Collection

The Privacy Shield self-certification is submitted electronically by organizations through the DOC's Privacy Shield Web site (​).

III. Data

OMB Control Number: 0625-0276.

Form Number(s): None.

Type of Review: Regular submission.

Affected Public: Primarily businesses or other for-profit organizations.

Estimated Number of Respondents: 3,600.

Estimated Time per Response: 40 Minutes.

Estimated Total Annual Burden Hours: 2,376.

Estimated Total Annual Cost to Public: $2,824,200.

IV. Request for Comments

Comments are invited on: (a) Whether the proposed collection of information is necessary for the proper performance of the functions of the agency, including whether the information shall have practical utility; (b) the accuracy of the agency's estimate of the burden (including hours and cost) of the proposed collection of information; (c) ways to enhance the quality, utility, and clarity of the information to be collected; and (d) ways to minimize the burden of the collection of information on respondents, including through the use of automated collection techniques or other forms of information technology.

Comments submitted in response to this notice will be summarized and/or included in the request for OMB approval of this information collection; Start Printed Page 78776they also will become a matter of public record.

Start Signature

Sheleen Dumas,

PRA Departmental Lead, Office of the Chief Information Officer.

End Signature End Supplemental Information

[FR Doc. 2016-27053 Filed 11-8-16; 8:45 am]