As we noted in our January blog post Swiss-US Privacy Shield Adopted, Aligns with EU-US Privacy Shield, the Department of Commerce will begin accepting self-certifications to the Swiss-US Privacy Shield on April 12, 2017.

In response to frequently asked questions, Commerce provides guidance on how to self-certify:

  • Companies already certified under the EU-US Privacy Shield: Companies that have already self-certified to the EU-US Privacy Shield Framework, can log into to their existing Privacy Shield accounts and click on “self-certify.” Companies will have to pay a separate annual fee, which will be similar in tier structure to the EU-US Privacy Shield fee structure. If a company is approved under both frameworks, the re-certification date will be one year from the date of the first of the two certifications.
  • Companies not yet certified under the EU-US Privacy Shield: If a company is not yet certified under the EU-US Privacy Shield, then it will be able to select the “Self-Certify” link on the Privacy Shield website to certify for one or both of the frameworks.

Regardless of whether a company is certified under the EU-US Privacy Shield, any company applying for certification under the Swiss-US Privacy Shield framework will have to update its privacy notice to align with Privacy Shield requirements.