First annual review Privacy Shield: European Commission states it works, but implementation can be improved19-10-2017
In September 2017, the first annual review of the Privacy Shield was conducted over the course of two days in Washington, D.C. On 18 October, the European Commission published its first report on the results of the review. The European Commission concluded that, overall, the U.S. authorities have put in place the necessary structures and procedures to ensure the correct functioning of the Privacy Shield. Moreover, according to the European Commission, the certification process is functioning well with over 2,400 companies having been certified. There is, however, room for improvement.
In its report, the European Commission makes several recommendations to the U.S. authorities, both from a commercial and national security perspective, among which:
- A more proactive and regular monitoring of the companies’ compliance by the U.S. Department of Commerce;
- More awareness-raising for EU individuals about how they can exercise their rights under the Privacy Shield, notably on how to lodge complaints; and
- The swift appointment of a permanent Ombudsperson as well as appointing new members for the vacant seats on the Privacy and Civil Liberties Oversight Board.
The report will now be sent to the European Parliament, the Council, the U.S. Authorities and the Article 29 Working Party (“WP29”). The WP29, who has been critical of the Privacy Shield from the start, announced prior to the annual review that it expected to be consulted on the final report by the European Commission and that it considers publishing its own report. We will have to wait and see whether the WP29 will also release its own report, after reviewing the report of the European Commission; and, more importantly, what its conclusions will be. Ovidius will keep you updated.
Read more about the Privacy Shield in our update of 16 November 2016.