The third annual review of the progress of the EU-US Privacy Shield framework, which provides a secure flow of protected data, has been released.
The EU-US Privacy Shield came into operation in August 2016 as a mechanism for protecting the data of consumers based in the EU who conduct transactions with US-based commercial services and entities; and the European Commission has committed to producing annual reviews of the Privacy Shield’s progress. Overall the latest report is positive, acknowledging substantial improvements in the implementation of the framework and consistently ‘adequate’ levels of personal data protection.
The third EU-US Privacy Shield review highlighted a number of active improvements in the ongoing functionality and enforcement of the mechanism, including:
- The US Department of Commerce now takes a more systematic approach to oversight, for example by implementing monthly checks on a random sample of the Privacy Shield’s 5,000 participants;
- The Federal Trade Commission is increasingly proactive in enforcing the parameters of the Privacy Shield;
- A permanent EU-US Privacy Shield Ombudsperson has now been appointed along with two new members of the Privacy and Civil Liberties Oversight Board, which is now fully staffed for the first time since its inception in 2016; and
- A growing number of EU residents are asserting their rights to data protection under the EU-US Privacy Shield.
The report recommended a number of actions which could further improve the functioning of the EU-US Privacy Shield; including shoring up the process of certification for participating companies and increasing the range and scope of compliance checks.
Commissioner for Justice, Consumers and Gender Equality, Věra Jourová, said: “With around 5,000 participating companies, the Privacy Shield has become a success story. The annual review is an important health check for its functioning. We will continue the digital diplomacy dialogue with our U.S. counterparts to make the Shield stronger, including when it comes to oversight, enforcement; and in [the] longer term, to increase convergence of our systems.”