European Commission Reports on the First Year of EU-US Privacy Shield
The European Commission published its report on the first annual review of the EU-US Privacy Shield last week. The report reflects the commission’s findings on the implementation and enforcement of the EU-US Privacy Shield framework in its first year of operation.
The Privacy Shield is a framework for the transfer of personal data from the EU to companies in the US for commercial purposes. It is based on a certification system by which US companies commit to adhere to a set of privacy principles – the EU-US Privacy Shield framework principles. Certification is voluntary, but companies that have been certified must comply with the principles, as they become enforceable under US law.
The Privacy Shield framework is administered and monitored by the US Department of Commerce and compliance with the principles is enforced by the Federal Trade Commission or the Department of Transportation, depending on which authority has jurisdiction over the Privacy Shield-certified company.
On the whole, the report shows that the Privacy Shield continues to ensure an adequate level of data protection. However, there is room for improvement. The commission has drawn up a list of recommendations on the functioning of the shield that need to be improved by the US authorities.
US Secretary of Commerce Wilbur Ross said welcomed the release of the report.
“We have worked closely with our partners across the EU during the past year as we implemented the Privacy Shield program,” said Ross. “That cooperative approach led to a stronger program and a successful first annual review held in late September. We look forward to continuing to work together with our colleagues on the European Commission and across all of the EU Member States as we continually strive to ensure that the Privacy Shield program serves all stakeholders well.”
The report will be sent to the European Parliament and other EU bodies and to US authorities. The Commission will work with the US authorities on the follow-up of its recommendations in the coming months.
More than 2,500 organizations participate in the Privacy Shield program to transfer personal data from the EU to the United States in compliance with EU data protection laws.