The EU-US and Swiss-US Privacy Shield Frameworks were designed by the US Department of Commerce and the European Commission and Swiss Administration to regulate transatlantic exchanges of personal data for commercial purposes. These frameworks provide companies on both sides of the Atlantic with a mechanism to stay in compliance with EU and US requirements for data protection.
In July 2020, the Court of Justice of the European Union ruled that the EU-U.S. Privacy Shield is not a valid mechanism to ensure compliance with EU data protection requirements when transferring personal data from the European Economic Area to the United States. As a result, the EU-US and Swiss-US Privacy Shield Frameworks may no longer be used as a means of showing compliance with EU regulations regarding personal data.
However, the EU Standard Contractual Clauses (SCC) remain a valid mechanism to comply with EU data protection requirements when transferring personal data from the European Economic Area and the United Kingdom to the United States.
Reports and other documentation
View the IBM policy and list of privacy-shield certified IBM Cloud® services
While the EU-US and Swiss-US Privacy Shield Frameworks may no longer be used or relied upon for transfer of personal information, IBM continues to comply with all EU-US Privacy Shield Framework and Swiss-US Privacy Shield Framework obligations. Doing so demonstrates IBM’s serious commitment to protect personal information in accordance with a set of privacy principles that offer meaningful privacy protections and recourse for EU individuals.
Services
A current list of services can be found at https://www.ibm.com/us-en/privacy/privacy-shield